Search code examples
swiftxcodenetwork-programmingalamofirensurlsession

Alamofire, ssl pinning on subdomain address

I'm current able on my IOS app using Alamofire and SSL pinning to log in to my company website.

But I can't log in to a subdomain of my website. is there any special configuration I'm missing in my code to be able to establish the SSL communication with my subdomain?

  1. I add the certificate file .cer in the app bundle
  2. create the [SecCertificate]
func loadcertificate()->[SecCertificate]{
        guard let pathToCert = Bundle.main.path(forResource: "amua", ofType: "cer") else {fatalError("can not find")}
        guard let localCertificate = NSData(contentsOfFile: pathToCert) else {fatalError("can not load")}
        guard let cert = SecCertificateCreateWithData(nil, localCertificate) else {fatalError("can not read cert")}
        
        return  [cert]
    }
  1. Create the Alamofire session and connection request:
 func connection() {
        sessionManager = Session(configuration: URLSessionConfiguration.default)
        
        let evaluator = PinnedCertificatesTrustEvaluator(certificates: loadcertificate(),
                                                         acceptSelfSignedCertificates: false,
                                                         performDefaultValidation: true,
                                                         validateHost: true)
        
        let ServerTrustManager = ServerTrustManager(allHostsMustBeEvaluated: false,
                                                    evaluators:
                                                        ["airmacau.com.mo" : evaluator])
        sessionManager = Session(configuration: URLSessionConfiguration.default, delegate: SessionDelegate(), serverTrustManager: ServerTrustManager)
        
        
        sessionManager?.request("https://icrew.airmacau.com.mo", method: .get, encoding: URLEncoding.default)
            
            .response { response in
                if let st = response.data {
                    let str = String(decoding: st, as: UTF8.self)
                    do {
                        print("OK")
                        let doc: Document = try SwiftSoup.parse(str)
                        print(doc)
                    }catch let err  {
                        print("ERRORE .get icrew")
                        print(err.localizedDescription)
                    }
                    
                    
                }
            }
    }
}

if I connect to the main website address https://www.airmacau.com.mo all work fine, if I connect to the subdomain https://icrew.airmacau.com.mo the connection fail and I get the error HANDSHAKE_FAILURE

Solution 
  • class WildcardServerTrustPolicyManager: ServerTrustManager {
    override func serverTrustEvaluator(forHost host: String) throws -> ServerTrustEvaluating? {
        if let policy = evaluators[host] {
            return policy
        }
        var domainComponents = host.split(separator: ".")
        if domainComponents.count > 2 {
            domainComponents[0] = "*"
            let wildcardHost = domainComponents.joined(separator: ".")
            return evaluators[wildcardHost]
        }
        return nil
    }
}

    Implementation:

     let evaluators: [String: ServerTrustEvaluating] = [
        "*.airmacau.com.mo": evaluator
    ]

    let manager = WildcardServerTrustPolicyManager(evaluators: evaluators)

    Session Manager Config:

    sessionManager = Session(configuration: URLSessionConfiguration.default, delegate: SessionDelegate(), serverTrustManager: manager)