Как упоминалось в официальных документах [1], я пытался реализовать SSL-пиннинг в проекте Ionic + Angular + Capacitor с использованием плагина Cordova Advanced HTTP [2].
Однако каждый раз, когда яоткройте приложение iOS с XCode, оно регистрирует ошибку [3] о том, что сертификат недействителен, что я считаю неправильным.
2019-07-02 09:20:13.211085+0530 App[481:58424] TIC SSL Trust Error [1:0x280002100]: 3:0
2019-07-02 09:20:13.228677+0530 App[481:58424] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2019-07-02 09:20:13.228721+0530 App[481:58424] Task <46E01436-B71E-421D-B8F0-584EBEBEDD56>.<1> HTTP load failed (error code: -1202 [3:-9813])
2019-07-02 09:20:13.228908+0530 App[481:58418] Task <46E01436-B71E-421D-B8F0-584EBEBEDD56>.<1> finished with error - code: -1202
2019-07-02 09:20:13.231665+0530 App[481:58415] Task <46E01436-B71E-421D-B8F0-584EBEBEDD56>.<1> load failed with error Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “reqres.in” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
"<cert(0x10408e200) s: sni96286.cloudflaressl.com i: COMODO ECC Domain Validation Secure Server CA 2>",
"<cert(0x104067800) s: COMODO ECC Domain Validation Secure Server CA 2 i: COMODO ECC Certification Authority>",
"<cert(0x10408ee00) s: COMODO ECC Certification Authority i: AddTrust External CA Root>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://reqres.in/api/users/2, NSErrorFailingURLStringKey=https://reqres.in/api/users/2, NSUnderlyingError=0x283b578d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x28070d4d0>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x10408e200) s: sni96286.cloudflaressl.com i: COMODO ECC Domain Validation Secure Server CA 2>",
"<cert(0x104067800) s: COMODO ECC Domain Validation Secure Server CA 2 i: COMODO ECC Certification Authority>",
"<cert(0x10408ee00) s: COMODO ECC Certification Authority i: AddTrust External CA Root>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <46E01436-B71E-421D-B8F0-584EBEBEDD56>.<1>"
), _kCFStreamErrorCodeKey=-9813, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <46E01436-B71E-421D-B8F0-584EBEBEDD56>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x28070d4d0>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “reqres.in” which could put your confidential information at risk.} [-1202]
⚡️ [log] - -2
⚡️ [log] - The certificate for this server is invalid. You might be connecting to a server that is pretending to be “reqres.in” which could put your confidential information at risk.
⚡️ [log] - undefined
Мой пример приложения с шагами, которые я предпринял, доступен на GitHub [4], и я хотел бы знать, как правильно установить SSL Pinning в мое приложение.В идеале всем было бы удобно, если бы вы могли раскошелиться / клонировать мой проект и попробовать в нем свои обходные пути.
[1] https://ionicframework.com/docs/native/http
[2] https://github.com/silkimen/cordova-plugin-advanced-http
[3] https://github.com/ashenwgt/ionic-capacitor-ssl-pinning/blob/master/logs/xcode-log.backup
[4] https://github.com/ashenwgt/ionic-capacitor-ssl-pinning
Любая помощь будет принята с благодарностью.