ios - 使用 Alamofire 进行 Ssl 固定不会阻止其他域中的请求

问题描述

我正在开发一个使用Alamofire. 我正在尝试实现 ssl pinning。我已经在我的应用程序中捆绑了 der 文件。这是我的代码

class ApiSessionnManager{

    static let shared = ApiSessionnManager()
    var afmanager:SessionManager

    init(){

        let domain = "herokuap.com"
        let githubCert = "herokuapp" // Dev ssl cert and Prod ssl cert ****

        let pathToCert = Bundle.main.path(forResource: githubCert, ofType: "der")

        let localCertificate: Data = try! Data(contentsOf: URL(fileURLWithPath: pathToCert!))

        let localCertificateCfData: CFData = localCertificate as CFData

        let secCert = SecCertificateCreateWithData(nil, localCertificateCfData)!

        let serverTrustPolicy = ServerTrustPolicy.pinCertificates(certificates: [secCert], validateCertificateChain: true, validateHost: true)

        let serverTrustPolicies = [

            domain: serverTrustPolicy

        ]
            let configuration = URLSessionConfiguration.default

            configuration.httpAdditionalHeaders = SessionManager.defaultHTTPHeaders

            self.afmanager =  SessionManager(configuration: configuration,serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies))




    }



}

在我的 Viewcontroller 类中，我有

func signIn()   {
        let parameters: [String: AnyObject] = [
            "id" : "user" as AnyObject,
            "password" : "pass" as AnyObject

        ]

        ApiSessionnManager.shared.afmanager.request("https://floating-stream-25740.herokuapp.com/authentication/login", method: .post, parameters: parameters, encoding: JSONEncoding.default)
            .responseJSON { response in
                print(response)
        }

我得到了成功的回应。但问题是即使我更改了域，我仍然得到成功响应。SSL 不会阻止来自其他域的请求。任何帮助将不胜感激。

标签： iosswiftsslalamofire