I'm current able on my IOS app using Alamofire and SSL pinning to log in to my company website.
But I can't log in to a subdomain of my website. is there any special configuration I'm missing in my code to be able to establish the SSL communication with my subdomain?
func loadcertificate()->[SecCertificate]{
guard let pathToCert = Bundle.main.path(forResource: "amua", ofType: "cer") else {fatalError("can not find")}
guard let localCertificate = NSData(contentsOfFile: pathToCert) else {fatalError("can not load")}
guard let cert = SecCertificateCreateWithData(nil, localCertificate) else {fatalError("can not read cert")}
return [cert]
}
func connection() {
sessionManager = Session(configuration: URLSessionConfiguration.default)
let evaluator = PinnedCertificatesTrustEvaluator(certificates: loadcertificate(),
acceptSelfSignedCertificates: false,
performDefaultValidation: true,
validateHost: true)
let ServerTrustManager = ServerTrustManager(allHostsMustBeEvaluated: false,
evaluators:
["airmacau.com.mo" : evaluator])
sessionManager = Session(configuration: URLSessionConfiguration.default, delegate: SessionDelegate(), serverTrustManager: ServerTrustManager)
sessionManager?.request("https://icrew.airmacau.com.mo", method: .get, encoding: URLEncoding.default)
.response { response in
if let st = response.data {
let str = String(decoding: st, as: UTF8.self)
do {
print("OK")
let doc: Document = try SwiftSoup.parse(str)
print(doc)
}catch let err {
print("ERRORE .get icrew")
print(err.localizedDescription)
}
}
}
}
}
if I connect to the main website address https://www.airmacau.com.mo all work fine, if I connect to the subdomain https://icrew.airmacau.com.mo the connection fail and I get the error HANDSHAKE_FAILURE
class WildcardServerTrustPolicyManager: ServerTrustManager {
override func serverTrustEvaluator(forHost host: String) throws -> ServerTrustEvaluating? {
if let policy = evaluators[host] {
return policy
}
var domainComponents = host.split(separator: ".")
if domainComponents.count > 2 {
domainComponents[0] = "*"
let wildcardHost = domainComponents.joined(separator: ".")
return evaluators[wildcardHost]
}
return nil
}
}
Implementation:
let evaluators: [String: ServerTrustEvaluating] = [
"*.airmacau.com.mo": evaluator
]
let manager = WildcardServerTrustPolicyManager(evaluators: evaluators)
Session Manager Config:
sessionManager = Session(configuration: URLSessionConfiguration.default, delegate: SessionDelegate(), serverTrustManager: manager)