iOS 12上的NSAppTransportSecurity + NSAllowsArbitraryLoads

Question

过去有一种方法可以在HTTPs上使用有效的证书来解决iOS的缺陷。在这种状态下，我对将应用程序提交到应用商店不感兴趣，我只想在开发应用程序时与Charles一起嗅探网络操作。

谢谢

我试过了

<key>NSAppTransportSecurity</key>
<dict>
    <key>NSAllowsArbitraryLoads</key>
    <true/>
</dict>

...and所有其他在网上常见的变体。

一定有办法的..。

Answer 1

您可以使用下面的代码使用URLSessionRequest进行SSL请求，

 fileprivate func SSLCertificateCreateTrustResult(_ serverTrust: SecTrust)->SecTrustResultType {
        let certificate: SecCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0)!
        let remoteCertificateData = CFBridgingRetain(SecCertificateCopyData(certificate))!
        var certName = "certName"

        let cerPath: String = Bundle.main.path(forResource: certName, ofType: "der")!
        let localCertificateData = NSData(contentsOfFile:cerPath)!

        let certDataRef = localCertificateData as CFData
        let cert = (SecCertificateCreateWithData(nil, certDataRef))
        let certArrayRef = [cert] as CFArray
        SecTrustSetAnchorCertificates(serverTrust, certArrayRef)
        SecTrustSetAnchorCertificatesOnly(serverTrust, false)
        let trustResult: SecTrustResultType = SecTrustResultType.invalid
        return trustResult
    }
    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        if challenge.protectionSpace.authenticationMethod == (NSURLAuthenticationMethodServerTrust) {
            let serverTrust:SecTrust = challenge.protectionSpace.serverTrust!
            var localCertificateTrust = SSLCertificateCreateTrustResult(serverTrust)
            SecTrustEvaluate(serverTrust, &localCertificateTrust)
            if localCertificateTrust == SecTrustResultType.unspecified || localCertificateTrust == SecTrustResultType.proceed || localCertificateTrust == SecTrustResultType.recoverableTrustFailure
            {
                let credential:URLCredential = URLCredential(trust: serverTrust)
                challenge.sender?.use(credential, for: challenge)
                completionHandler(URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!))

            } else {
                let properties = SecTrustCopyProperties(serverTrust)
                completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
            }
        }
        else
        {
            completionHandler(URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil);
        }
    }

在条件下

if localCertificateTrust == SecTrustResultType.unspecified || localCertificateTrust == SecTrustResultType.proceed || localCertificateTrust == SecTrustResultType.recoverableTrustFailure

以下类型适用于有效证书

SecTrustResultType.unspecified , SecTrustResultType.proceed

对于无效的证书SecTrustResultType.recoverableTrustFailure

我已经在||条件下添加了以上所有三种类型的证书，以便处理有效和无效的证书，以防您要删除任何类型的证书，您可以删除其他类型