您可以创建一个ServerTrustManager
将每个主机名作为参数传递给您的评估器。
用于公钥固定使用PublicKeysTrustEvaluator
像这样:
let evaluators: [String : ServerTrustEvaluating] = [
"your.host.com": PublicKeysTrustEvaluator(performDefaultValidation: false, validateHost: false)
]
let serverTrustManager = ServerTrustManager(evaluators: evaluators)
用于证书固定使用PinnedCertificatesTrustEvaluator
像这样:
let evaluators: [String : ServerTrustEvaluating] = [
"your.host.com": PinnedCertificatesTrustEvaluator(
acceptSelfSignedCertificates: true,
performDefaultValidation: false,
validateHost: false
)
]
let serverTrustManager = ServerTrustManager(evaluators: evaluators)
这两种方法都需要将您的证书包含在捆绑包中,如下所示.cer
or .der
file.
创建您的后ServerTrustManager
将它传递给Session
实例并将其用于您的请求:
let session = Session(serverTrustManager: serverTrustManager)
如果您想要在如何验证服务器上有更复杂的逻辑,或者必须在域中使用通配符,则必须子类化ServerTrustManager
并覆盖serverTrustEvaluator(forHost:)
功能:
class MyServerTrustManager: ServerTrustManager {
init() {
super.init(evaluators: [:])
}
override func serverTrustEvaluator(forHost host: String) throws -> ServerTrustEvaluating? {
guard host.hasSuffix(".host.com") else {
return try super.serverTrustEvaluator(forHost: host)
}
return PublicKeysTrustEvaluator(performDefaultValidation: false, validateHost: false)
}
}