Commit 34b43bd7
Authored Mar 26, 2019 by Jon Shier
Committed by Christian Noon, Mar 26, 2019
Add AlamofireExtended and adopt it for public extensions. (#2758)
Parent: 416825ca
Showing 9 changed files with 234 additions and 114 deletions
Alamofire.xcodeproj/project.pbxproj (+11 -1)
Source/AlamofireExtended.swift (+55 -0)
Source/ServerTrustEvaluation.swift (+137 -83)
Source/Session.swift (+1 -1)
Source/URLRequest+Alamofire.swift (+2 -2)
Source/URLSessionConfiguration+Alamofire.swift (+3 -2)
Tests/RequestTests.swift (+4 -4)
Tests/ServerTrustEvaluatorTests.swift (+17 -17)
Tests/TLSEvaluationTests.swift (+4 -4)
Alamofire.xcodeproj/project.pbxproj
...
...
@@ -124,6 +124,10 @@
31D83FCF20D5C29300D93E47
/* URLConvertible+URLRequestConvertible.swift in Sources */
=
{
isa
=
PBXBuildFile
;
fileRef
=
31D83FCD20D5C29300D93E47
/* URLConvertible+URLRequestConvertible.swift */
;
};
31D83FD020D5C29300D93E47
/* URLConvertible+URLRequestConvertible.swift in Sources */
=
{
isa
=
PBXBuildFile
;
fileRef
=
31D83FCD20D5C29300D93E47
/* URLConvertible+URLRequestConvertible.swift */
;
};
31D83FD120D5C29300D93E47
/* URLConvertible+URLRequestConvertible.swift in Sources */
=
{
isa
=
PBXBuildFile
;
fileRef
=
31D83FCD20D5C29300D93E47
/* URLConvertible+URLRequestConvertible.swift */
;
};
31DADDFB224811ED0051390F
/* AlamofireExtended.swift in Sources */
=
{
isa
=
PBXBuildFile
;
fileRef
=
31DADDFA224811ED0051390F
/* AlamofireExtended.swift */
;
};
31DADDFC224811ED0051390F
/* AlamofireExtended.swift in Sources */
=
{
isa
=
PBXBuildFile
;
fileRef
=
31DADDFA224811ED0051390F
/* AlamofireExtended.swift */
;
};
31DADDFD224811ED0051390F
/* AlamofireExtended.swift in Sources */
=
{
isa
=
PBXBuildFile
;
fileRef
=
31DADDFA224811ED0051390F
/* AlamofireExtended.swift */
;
};
31DADDFE224811ED0051390F
/* AlamofireExtended.swift in Sources */
=
{
isa
=
PBXBuildFile
;
fileRef
=
31DADDFA224811ED0051390F
/* AlamofireExtended.swift */
;
};
31EBD9C120D1D89C00D1FF34
/* ValidationTests.swift in Sources */
=
{
isa
=
PBXBuildFile
;
fileRef
=
F8AE910119D28DCC0078C7B2
/* ValidationTests.swift */
;
};
31EBD9C220D1D89C00D1FF34
/* ValidationTests.swift in Sources */
=
{
isa
=
PBXBuildFile
;
fileRef
=
F8AE910119D28DCC0078C7B2
/* ValidationTests.swift */
;
};
31EBD9C320D1D89D00D1FF34
/* ValidationTests.swift in Sources */
=
{
isa
=
PBXBuildFile
;
fileRef
=
F8AE910119D28DCC0078C7B2
/* ValidationTests.swift */
;
};
...
...
@@ -380,6 +384,7 @@
31B2CA9421AA24F5005B371A
/* Package@swift-4.swift */
=
{
isa
=
PBXFileReference
;
lastKnownFileType
=
sourcecode.swift
;
path
=
"Package@swift-4.swift"
;
sourceTree
=
"<group>"
;
};
31B2CA9521AA25CD005B371A
/* Package.swift */
=
{
isa
=
PBXFileReference
;
lastKnownFileType
=
sourcecode.swift
;
path
=
Package.swift
;
sourceTree
=
"<group>"
;
};
31D83FCD20D5C29300D93E47
/* URLConvertible+URLRequestConvertible.swift */
=
{
isa
=
PBXFileReference
;
lastKnownFileType
=
sourcecode.swift
;
path
=
"URLConvertible+URLRequestConvertible.swift"
;
sourceTree
=
"<group>"
;
};
31DADDFA224811ED0051390F
/* AlamofireExtended.swift */
=
{
isa
=
PBXFileReference
;
lastKnownFileType
=
sourcecode.swift
;
path
=
AlamofireExtended.swift
;
sourceTree
=
"<group>"
;
};
31ED52E61D73889D00199085
/* AFError+AlamofireTests.swift */
=
{
isa
=
PBXFileReference
;
fileEncoding
=
4
;
lastKnownFileType
=
sourcecode.swift
;
path
=
"AFError+AlamofireTests.swift"
;
sourceTree
=
"<group>"
;
};
31F5085C20B50DC400FE2A0C
/* URLSessionConfiguration+Alamofire.swift */
=
{
isa
=
PBXFileReference
;
lastKnownFileType
=
sourcecode.swift
;
path
=
"URLSessionConfiguration+Alamofire.swift"
;
sourceTree
=
"<group>"
;
};
31F9683B20BB70290009606F
/* NSLoggingEventMonitor.swift */
=
{
isa
=
PBXFileReference
;
lastKnownFileType
=
sourcecode.swift
;
path
=
NSLoggingEventMonitor.swift
;
sourceTree
=
"<group>"
;
};
...
...
@@ -708,8 +713,8 @@
319917A9209CDCB000103A19
/* HTTPHeaders.swift */
,
31727417218BAEC90039FFCC
/* HTTPMethod.swift */
,
4CB928281C66BFBC00CE5F08
/* Notifications.swift */
,
4CE2724E1AF88FB500F1D59A
/* ParameterEncoding.swift */
,
3172741C218BB1790039FFCC
/* ParameterEncoder.swift */
,
4CE2724E1AF88FB500F1D59A
/* ParameterEncoding.swift */
,
3191B5741F5F53A6003960A8
/* Protector.swift */
,
31991790209CDA7F00103A19
/* Request.swift */
,
319917A4209CDAC400103A19
/* RequestTaskMap.swift */
,
...
...
@@ -725,6 +730,7 @@
4CDE2C491AF8A14E00BABAE5
/* Features */
=
{
isa
=
PBXGroup
;
children
=
(
31DADDFA224811ED0051390F
/* AlamofireExtended.swift */
,
4C4466EA21F8F5D800AC9703
/* CachedResponseHandler.swift */
,
3111CE8720A77843008315E2
/* EventMonitor.swift */
,
4C23EB421B327C5B0090E0BC
/* MultipartFormData.swift */
,
...
...
@@ -1338,6 +1344,7 @@
3199179E209CDA7F00103A19
/* Session.swift in Sources */
,
4CF627071BA7CBF60011A099
/* Alamofire.swift in Sources */
,
3111CE8A20A77945008315E2
/* EventMonitor.swift in Sources */
,
31DADDFD224811ED0051390F
/* AlamofireExtended.swift in Sources */
,
);
runOnlyForDeploymentPostprocessing
=
0
;
};
...
...
@@ -1409,6 +1416,7 @@
3199179D209CDA7F00103A19
/* Session.swift in Sources */
,
4C0E5BF91B673D3400816CCC
/* Result.swift in Sources */
,
3111CE8920A77944008315E2
/* EventMonitor.swift in Sources */
,
31DADDFC224811ED0051390F
/* AlamofireExtended.swift in Sources */
,
);
runOnlyForDeploymentPostprocessing
=
0
;
};
...
...
@@ -1446,6 +1454,7 @@
3199179F209CDA7F00103A19
/* Session.swift in Sources */
,
E4202FD81B667AA100C997FB
/* Validation.swift in Sources */
,
3111CE8B20A77945008315E2
/* EventMonitor.swift in Sources */
,
31DADDFE224811ED0051390F
/* AlamofireExtended.swift in Sources */
,
);
runOnlyForDeploymentPostprocessing
=
0
;
};
...
...
@@ -1483,6 +1492,7 @@
3199179C209CDA7F00103A19
/* Session.swift in Sources */
,
4C0E5BF81B673D3400816CCC
/* Result.swift in Sources */
,
3111CE8820A77843008315E2
/* EventMonitor.swift in Sources */
,
31DADDFB224811ED0051390F
/* AlamofireExtended.swift in Sources */
,
);
runOnlyForDeploymentPostprocessing
=
0
;
};
...
...
Source/AlamofireExtended.swift
0 → 100644
//
// AlamofireExtended.swift
//
// Copyright (c) 2019 Alamofire Software Foundation (http://alamofire.org/)
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to deal
// in the Software without restriction, including without limitation the rights
// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
// copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// The above copyright notice and this permission notice shall be included in
// all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
// THE SOFTWARE.
//
/// Type that acts as a generic extension point for all `AlamofireExtended` types.
public
struct
AlamofireExtension
<
ExtendedType
>
{
/// Stores the type or metatype of any extended type.
let
type
:
ExtendedType
init
(
_
type
:
ExtendedType
)
{
self
.
type
=
type
}
}
/// Protocol describing the `af` extension points for Alamofire extended types.
public
protocol
AlamofireExtended
{
associatedtype
ExtendedType
/// Static Alamofire extension point.
static
var
af
:
AlamofireExtension
<
ExtendedType
>.
Type
{
get
set
}
/// Instance Alamofire extension point.
var
af
:
AlamofireExtension
<
ExtendedType
>
{
get
set
}
}
public
extension
AlamofireExtended
{
static
var
af
:
AlamofireExtension
<
Self
>.
Type
{
get
{
return
AlamofireExtension
<
Self
>.
self
}
set
{
}
}
var
af
:
AlamofireExtension
<
Self
>
{
get
{
return
AlamofireExtension
(
self
)
}
set
{
}
}
}
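Review bot: In `AlamofireExtension`, the stored `type` property and `init(_:)` carry no access modifier, so they are internal while the struct and the `AlamofireExtended` protocol are public; code outside the module can declare its own `extension AlamofireExtension where ...` but cannot read the wrapped value. If third-party extensions are intended, mark both `public`; if not, say so in the doc comment. Separately, the name `type` holds an instance in the instance getter (`AlamofireExtension(self)`), and the empty `set { }` bodies in the default implementations silently discard assignments, so a comment explaining why the setters exist would help the next reader.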
Source/ServerTrustEvaluation.swift
...
...
@@ -85,24 +85,6 @@ public protocol ServerTrustEvaluating {
#endif
}
extension
Array
where
Element
==
ServerTrustEvaluating
{
#if os(Linux)
// Add this same convenience method for Linux.
#else
/// Evaluates the given `SecTrust` value for the given `host`.
///
/// - Parameters:
/// - trust: The `SecTrust` value to evaluate.
/// - host: The host for which to evaluate the `SecTrust` value.
/// - Returns: Whether or not the evaluator considers the `SecTrust` value valid for `host`.
func
evaluate
(
_
trust
:
SecTrust
,
forHost
host
:
String
)
throws
{
for
evaluator
in
self
{
try
evaluator
.
evaluate
(
trust
,
forHost
:
host
)
}
}
#endif
}
// MARK: - Server Trust Evaluators
/// An evaluator which uses the default server trust evaluation while allowing you to control whether to validate the
...
...
@@ -120,10 +102,10 @@ public final class DefaultTrustEvaluator: ServerTrustEvaluating {
public
func
evaluate
(
_
trust
:
SecTrust
,
forHost
host
:
String
)
throws
{
if
validateHost
{
try
trust
.
validateHost
(
host
)
try
trust
.
af
.
performValidation
(
forHost
:
host
)
}
try
trust
.
performDefaultEvalu
ation
(
forHost
:
host
)
try
trust
.
af
.
performDefaultValid
ation
(
forHost
:
host
)
}
}
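Review bot: In `DefaultTrustEvaluator.evaluate(_:forHost:)`, when `validateHost` is true the trust is evaluated twice: `af.performValidation(forHost:)` runs first, and this commit's own doc comment says it performs the default validation as well as hostname validation, then `af.performDefaultValidation(forHost:)` runs unconditionally and applies the default policy in place of the hostname one. An `if validateHost { ... } else { ... }` would avoid the redundant evaluation and leave the stricter policy applied to `trust`. The two method names also differ by a single word, which makes call sites easy to misread; a name that says "host" for the first one would be clearer.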
...
...
@@ -186,14 +168,14 @@ public final class RevocationTrustEvaluator: ServerTrustEvaluating {
public
func
evaluate
(
_
trust
:
SecTrust
,
forHost
host
:
String
)
throws
{
if
performDefaultValidation
{
try
trust
.
performDefaultEvalu
ation
(
forHost
:
host
)
try
trust
.
af
.
performDefaultValid
ation
(
forHost
:
host
)
}
if
validateHost
{
try
trust
.
validateHost
(
host
)
try
trust
.
af
.
performValidation
(
forHost
:
host
)
}
try
trust
.
validate
(
policy
:
.
revocation
(
options
:
options
))
{
(
status
,
result
)
in
try
trust
.
af
.
validate
(
policy
:
SecPolicy
.
af
.
revocation
(
options
:
options
))
{
(
status
,
result
)
in
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
revocationCheckFailed
(
output
:
.
init
(
host
,
trust
,
status
,
result
),
options
:
options
))
}
}
...
...
@@ -223,7 +205,7 @@ public final class PinnedCertificatesTrustEvaluator: ServerTrustEvaluating {
/// - validateHost: Determines whether or not the evaluator should validate the host, in addition
/// to performing the default evaluation, even if `performDefaultValidation` is
/// `false`. Defaults to `true`.
public
init
(
certificates
:
[
SecCertificate
]
=
Bundle
.
main
.
certificates
,
public
init
(
certificates
:
[
SecCertificate
]
=
Bundle
.
main
.
af
.
certificates
,
acceptSelfSignedCertificates
:
Bool
=
false
,
performDefaultValidation
:
Bool
=
true
,
validateHost
:
Bool
=
true
)
{
...
...
@@ -239,25 +221,25 @@ public final class PinnedCertificatesTrustEvaluator: ServerTrustEvaluating {
}
if
acceptSelfSignedCertificates
{
try
trust
.
setAnchorCertificates
(
certificates
)
try
trust
.
af
.
setAnchorCertificates
(
certificates
)
}
if
performDefaultValidation
{
try
trust
.
performDefaultEvalu
ation
(
forHost
:
host
)
try
trust
.
af
.
performDefaultValid
ation
(
forHost
:
host
)
}
if
validateHost
{
try
trust
.
validateHost
(
host
)
try
trust
.
af
.
performValidation
(
forHost
:
host
)
}
let
serverCertificatesData
=
Set
(
trust
.
certificateData
)
let
pinnedCertificatesData
=
Set
(
certificates
.
data
)
let
serverCertificatesData
=
Set
(
trust
.
af
.
certificateData
)
let
pinnedCertificatesData
=
Set
(
certificates
.
af
.
data
)
let
pinnedCertificatesInServerData
=
!
serverCertificatesData
.
isDisjoint
(
with
:
pinnedCertificatesData
)
if
!
pinnedCertificatesInServerData
{
throw
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
certificatePinningFailed
(
host
:
host
,
trust
:
trust
,
pinnedCertificates
:
certificates
,
serverCertificates
:
trust
.
certificates
))
serverCertificates
:
trust
.
af
.
certificates
))
}
}
}
...
...
@@ -285,7 +267,7 @@ public final class PublicKeysTrustEvaluator: ServerTrustEvaluating {
/// - validateHost: Determines whether or not the evaluator should validate the host, in addition to
/// performing the default evaluation, even if `performDefaultValidation` is `false`.
/// Defaults to `true`.
public
init
(
keys
:
[
SecKey
]
=
Bundle
.
main
.
publicKeys
,
public
init
(
keys
:
[
SecKey
]
=
Bundle
.
main
.
af
.
publicKeys
,
performDefaultValidation
:
Bool
=
true
,
validateHost
:
Bool
=
true
)
{
self
.
keys
=
keys
...
...
@@ -299,15 +281,15 @@ public final class PublicKeysTrustEvaluator: ServerTrustEvaluating {
}
if
performDefaultValidation
{
try
trust
.
performDefaultEvalu
ation
(
forHost
:
host
)
try
trust
.
af
.
performDefaultValid
ation
(
forHost
:
host
)
}
if
validateHost
{
try
trust
.
validateHost
(
host
)
try
trust
.
af
.
performValidation
(
forHost
:
host
)
}
let
pinnedKeysInServerKeys
:
Bool
=
{
for
serverPublicKey
in
trust
.
publicKeys
as
[
AnyHashable
]
{
for
serverPublicKey
in
trust
.
af
.
publicKeys
as
[
AnyHashable
]
{
for
pinnedPublicKey
in
keys
as
[
AnyHashable
]
{
if
serverPublicKey
==
pinnedPublicKey
{
return
true
...
...
@@ -321,7 +303,7 @@ public final class PublicKeysTrustEvaluator: ServerTrustEvaluating {
throw
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
publicKeyPinningFailed
(
host
:
host
,
trust
:
trust
,
pinnedKeys
:
keys
,
serverKeys
:
trust
.
publicKeys
))
serverKeys
:
trust
.
af
.
publicKeys
))
}
}
}
...
...
@@ -352,9 +334,30 @@ public final class DisabledEvaluator: ServerTrustEvaluating {
public
func
evaluate
(
_
trust
:
SecTrust
,
forHost
host
:
String
)
throws
{
}
}
extension
Bundle
{
// MARK: - Extensions
public
extension
Array
where
Element
==
ServerTrustEvaluating
{
#if os(Linux)
// Add this same convenience method for Linux.
#else
/// Evaluates the given `SecTrust` value for the given `host`.
///
/// - Parameters:
/// - trust: The `SecTrust` value to evaluate.
/// - host: The host for which to evaluate the `SecTrust` value.
/// - Returns: Whether or not the evaluator considers the `SecTrust` value valid for `host`.
func
evaluate
(
_
trust
:
SecTrust
,
forHost
host
:
String
)
throws
{
for
evaluator
in
self
{
try
evaluator
.
evaluate
(
trust
,
forHost
:
host
)
}
}
#endif
}
extension
Bundle
:
AlamofireExtended
{}
public
extension
AlamofireExtension
where
ExtendedType
:
Bundle
{
/// Returns all valid `cer`, `crt`, and `der` certificates in the bundle.
public
var
certificates
:
[
SecCertificate
]
{
var
certificates
:
[
SecCertificate
]
{
return
paths
(
forResourcesOfTypes
:
[
".cer"
,
".CER"
,
".crt"
,
".CRT"
,
".der"
,
".DER"
])
.
compactMap
{
path
in
guard
let
certificateData
=
try
?
Data
(
contentsOf
:
URL
(
fileURLWithPath
:
path
))
as
CFData
,
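Review bot: The relocated `Array where Element == ServerTrustEvaluating` extension is now declared `public extension`, which exports `evaluate(_:forHost:)` on every `[ServerTrustEvaluating]` without going through `af`, unlike the other public extensions this commit moves behind `AlamofireExtension`. Either keep it internal as it was before, or state why it is exempt. Its doc comment also has a `- Returns:` entry for a method that returns nothing and reports failure by throwing; replace it with a `- Throws:` entry.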
...
...
@@ -365,8 +368,8 @@ extension Bundle {
}
/// Returns all public keys for the valid certificates in the bundle.
public
var
publicKeys
:
[
SecKey
]
{
return
certificates
.
publicKeys
var
publicKeys
:
[
SecKey
]
{
return
certificates
.
af
.
publicKeys
}
/// Returns all pathnames for the resources identified by the provided file extensions.
...
...
@@ -374,47 +377,68 @@ extension Bundle {
/// - Parameter types: The filename extensions locate.
/// - Returns: All pathnames for the given filename extensions.
func
paths
(
forResourcesOfTypes
types
:
[
String
])
->
[
String
]
{
return
Array
(
Set
(
types
.
flatMap
{
paths
(
forResourcesOfType
:
$0
,
inDirectory
:
nil
)
}))
return
Array
(
Set
(
types
.
flatMap
{
type
.
paths
(
forResourcesOfType
:
$0
,
inDirectory
:
nil
)
}))
}
}
public
extension
SecTrust
{
extension
SecTrust
:
AlamofireExtended
{}
public
extension
AlamofireExtension
where
ExtendedType
==
SecTrust
{
/// Attempts to validate `self` using the policy provided and transforming any error produced using the closure passed.
///
/// - Parameters:
/// - policy: The `SecPolicy` used to evaluate `self`.
/// - errorProducer: The closure used transform the failed `OSStatus` and `SecTrustResultType`.
/// - Throws: Any error from applying the `policy`, or the result of `errorProducer` if validation fails.
func
validate
(
policy
:
SecPolicy
,
errorProducer
:
(
_
status
:
OSStatus
,
_
result
:
SecTrustResultType
)
->
Error
)
throws
{
try
apply
(
policy
:
policy
)
.
validate
(
errorProducer
:
errorProducer
)
}
func
validate
(
errorProducer
:
(
_
status
:
OSStatus
,
_
result
:
SecTrustResultType
)
->
Error
)
throws
{
var
result
=
SecTrustResultType
.
invalid
let
status
=
SecTrustEvaluate
(
self
,
&
result
)
guard
status
.
isSuccess
&&
result
.
isSuccess
else
{
throw
errorProducer
(
status
,
result
)
}
try
apply
(
policy
:
policy
)
.
af
.
validate
(
errorProducer
:
errorProducer
)
}
/// Applies a `SecPolicy` to `self`, throwing if it fails.
///
/// - Parameter policy: The `SecPolicy`.
/// - Returns: `self`, with the policy applied.
/// - Throws: An `AFError.serverTrustEvaluationFailed` instance with a `.policyApplicationFailed` reason.
func
apply
(
policy
:
SecPolicy
)
throws
->
SecTrust
{
let
status
=
SecTrustSetPolicies
(
self
,
policy
)
let
status
=
SecTrustSetPolicies
(
type
,
policy
)
guard
status
.
isSuccess
else
{
throw
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
policyApplicationFailed
(
trust
:
self
,
guard
status
.
af
.
isSuccess
else
{
throw
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
policyApplicationFailed
(
trust
:
type
,
policy
:
policy
,
status
:
status
))
}
return
self
return
type
}
/// Validate `self`, passing any failure values through `errorProducer`.
///
/// - Parameter errorProducer: The closure used to transform the failed `OSStatus` and `SecTrustResultType` into an
/// `Error`.
/// - Throws: The `Error` produced by the `errorProducer` closure.
func
validate
(
errorProducer
:
(
_
status
:
OSStatus
,
_
result
:
SecTrustResultType
)
->
Error
)
throws
{
var
result
=
SecTrustResultType
.
invalid
let
status
=
SecTrustEvaluate
(
type
,
&
result
)
guard
status
.
af
.
isSuccess
&&
result
.
af
.
isSuccess
else
{
throw
errorProducer
(
status
,
result
)
}
}
/// Sets a custom certificate chain on `self`, allowing full validation of a self-signed certificate and its chain.
///
/// - Parameter certificates: The `SecCertificate`s to add to the chain.
/// - Throws: Any error produced when applying the new certificate chain.
func
setAnchorCertificates
(
_
certificates
:
[
SecCertificate
])
throws
{
// Add additional anchor certificates.
let
status
=
SecTrustSetAnchorCertificates
(
self
,
certificates
as
CFArray
)
guard
status
.
isSuccess
else
{
let
status
=
SecTrustSetAnchorCertificates
(
type
,
certificates
as
CFArray
)
guard
status
.
af
.
isSuccess
else
{
throw
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
settingAnchorCertificatesFailed
(
status
:
status
,
certificates
:
certificates
))
}
// Reenable system anchor certificates.
let
systemStatus
=
SecTrustSetAnchorCertificatesOnly
(
self
,
true
)
guard
systemStatus
.
isSuccess
else
{
let
systemStatus
=
SecTrustSetAnchorCertificatesOnly
(
type
,
true
)
guard
systemStatus
.
af
.
isSuccess
else
{
throw
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
settingAnchorCertificatesFailed
(
status
:
systemStatus
,
certificates
:
certificates
))
}
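Review bot: In `setAnchorCertificates(_:)`, the comment `// Reenable system anchor certificates.` sits above `SecTrustSetAnchorCertificatesOnly(type, true)`, and passing `true` restricts evaluation to the anchors just set instead of re-enabling the system ones. Since these lines are being touched anyway, correct the comment (or the argument, if trusting system anchors is what is wanted), because the difference decides which roots a pinned or self-signed chain may terminate in. Also, `paths(forResourcesOfTypes:)` at the top of this hunk now lives in a `public extension` with no modifier of its own, so the helper becomes public API; mark it `internal` if that is not intended.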
...
...
@@ -422,38 +446,62 @@ public extension SecTrust {
/// The public keys contained in `self`.
var
publicKeys
:
[
SecKey
]
{
return
certificates
.
publicKeys
}
/// The `Data` values for all certificates contained in `self`.
var
certificateData
:
[
Data
]
{
return
certificates
.
data
return
certificates
.
af
.
publicKeys
}
/// The `SecCertificate`s contained i `self`.
var
certificates
:
[
SecCertificate
]
{
return
(
0
..<
SecTrustGetCertificateCount
(
self
))
.
compactMap
{
index
in
SecTrustGetCertificateAtIndex
(
self
,
index
)
return
(
0
..<
SecTrustGetCertificateCount
(
type
))
.
compactMap
{
index
in
SecTrustGetCertificateAtIndex
(
type
,
index
)
}
}
func
performDefaultEvaluation
(
forHost
host
:
String
)
throws
{
try
validate
(
policy
:
.
default
)
{
(
status
,
result
)
in
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
defaultEvaluationFailed
(
output
:
.
init
(
host
,
self
,
status
,
result
)))
/// The `Data` values for all certificates contained in `self`.
var
certificateData
:
[
Data
]
{
return
certificates
.
af
.
data
}
/// Validates `self` after applying `SecPolicy.af.default`. This evaluation does not validate the hostname.
///
/// - Parameter host: The hostname, used only in the error output if validation fails.
/// - Throws: An `AFError.serverTrustEvaluationFailed` instance with a `.defaultEvaluationFailed` reason.
func
performDefaultValidation
(
forHost
host
:
String
)
throws
{
try
validate
(
policy
:
SecPolicy
.
af
.
default
)
{
(
status
,
result
)
in
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
defaultEvaluationFailed
(
output
:
.
init
(
host
,
type
,
status
,
result
)))
}
}
func
validateHost
(
_
host
:
String
)
throws
{
try
validate
(
policy
:
.
hostname
(
host
))
{
(
status
,
result
)
in
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
hostValidationFailed
(
output
:
.
init
(
host
,
self
,
status
,
result
)))
/// Validates `self` after applying `SecPolicy.af.hostname(host)`, which performs the default validation as well as
/// hostname validation.
///
/// - Parameter host: The hostname to use in the validation.
/// - Throws: An `AFError.serverTrustEvaluationFailed` instance with a `.defaultEvaluationFailed` reason.
func
performValidation
(
forHost
host
:
String
)
throws
{
try
validate
(
policy
:
SecPolicy
.
af
.
hostname
(
host
))
{
(
status
,
result
)
in
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
hostValidationFailed
(
output
:
.
init
(
host
,
type
,
status
,
result
)))
}
}
}
extension
SecPolicy
{
extension
SecPolicy
:
AlamofireExtended
{}
public
extension
AlamofireExtension
where
ExtendedType
==
SecPolicy
{
/// Creates a `SecPolicy` instance which will validate server certificates but not require a host name match.
static
let
`
default
`
=
SecPolicyCreateSSL
(
true
,
nil
)
/// Creates a `SecPolicy` instance which will validate server certificates and much match the provided hostname.
///
/// - Parameter hostname: The hostname to validate against.
/// - Returns: The `SecPolicy`.
static
func
hostname
(
_
hostname
:
String
)
->
SecPolicy
{
return
SecPolicyCreateSSL
(
true
,
hostname
as
CFString
)
}
/// Creates a `SecPolicy` which checks the revocation of certificates.
///
/// - Parameter options: The `RevocationTrustEvaluator.Options` for evaluation.
/// - Returns: The `SecPolicy`.
/// - Throws: An `AFError.serverTrustEvaluationFailed` error with reason `.revocationPolicyCreationFailed`
/// if the policy cannot be created.
static
func
revocation
(
options
:
RevocationTrustEvaluator
.
Options
)
throws
->
SecPolicy
{
guard
let
policy
=
SecPolicyCreateRevocation
(
options
.
rawValue
)
else
{
throw
AFError
.
serverTrustEvaluationFailed
(
reason
:
.
revocationPolicyCreationFailed
)
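Review bot: The new doc comment on `performValidation(forHost:)` says it throws with a `.defaultEvaluationFailed` reason, but the body builds `.hostValidationFailed(output:)`; update the `- Throws:` line to match the code. While here, the doc comment on `certificates` reads "contained i" where "contained in" is meant, and after the move into `AlamofireExtension` the comments that talk about `self` now describe the wrapped `type` value, which is worth rewording for readers of the generated docs.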
...
...
@@ -463,24 +511,26 @@ extension SecPolicy {
}
}
extension
Array
where
Element
==
SecCertificate
{
extension
Array
:
AlamofireExtended
{}
public
extension
AlamofireExtension
where
ExtendedType
==
Array
<
SecCertificate
>
{
/// All `Data` values for the contained `SecCertificate`s.
var
data
:
[
Data
]
{
return
map
{
SecCertificateCopyData
(
$0
)
as
Data
}
return
type
.
map
{
SecCertificateCopyData
(
$0
)
as
Data
}
}
/// All public `SecKey` values for the contained `SecCertificate`s.
public
var
publicKeys
:
[
SecKey
]
{
return
compactMap
{
$0
.
publicKey
}
return
type
.
compactMap
{
$0
.
af
.
publicKey
}
}
}
extension
SecCertificate
{
extension
SecCertificate
:
AlamofireExtended
{}
public
extension
AlamofireExtension
where
ExtendedType
==
SecCertificate
{
/// The public key for `self`, if it can be extracted.
var
publicKey
:
SecKey
?
{
let
policy
=
SecPolicyCreateBasicX509
()
var
trust
:
SecTrust
?
let
trustCreationStatus
=
SecTrustCreateWithCertificates
(
self
,
policy
,
&
trust
)
let
trustCreationStatus
=
SecTrustCreateWithCertificates
(
type
,
policy
,
&
trust
)
guard
let
createdTrust
=
trust
,
trustCreationStatus
==
errSecSuccess
else
{
return
nil
}
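Review bot: `extension Array: AlamofireExtended {}` is unconditional, so every array in client code gains an `af` property even though this hunk only adds members for `Array<SecCertificate>`. If the supported toolchains allow it, constrain the conformance to the element types that need it; otherwise add a comment stating that `af` on other arrays is intentionally empty.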
...
...
@@ -488,12 +538,16 @@ extension SecCertificate {
}
}
extension
OSStatus
{
var
isSuccess
:
Bool
{
return
self
==
errSecSuccess
}
extension
OSStatus
:
AlamofireExtended
{}
public
extension
AlamofireExtension
where
ExtendedType
==
OSStatus
{
/// Returns whether `self` is `errSecSuccess`.
var
isSuccess
:
Bool
{
return
type
==
errSecSuccess
}
}
extension
SecTrustResultType
{
extension
SecTrustResultType
:
AlamofireExtended
{}
public
extension
AlamofireExtension
where
ExtendedType
==
SecTrustResultType
{
/// Returns whether `self is `.unspecified` or `.proceed`.
var
isSuccess
:
Bool
{
return
(
self
==
.
unspecified
||
self
==
.
proceed
)
return
(
type
==
.
unspecified
||
type
==
.
proceed
)
}
}
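Review bot: `extension OSStatus: AlamofireExtended {}` applies to `Int32`, because `OSStatus` is a type alias for it, so every `Int32` in client code gets `af.isSuccess`, and the `public extension` turns what was an internal helper into public API. Consider keeping the `OSStatus` and `SecTrustResultType` helpers internal instead of routing them through `af`. The new doc comment on the `SecTrustResultType` variant is also missing the closing backtick after `self`.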
Source/Session.swift
...
...
@@ -74,7 +74,7 @@ open class Session {
delegate
.
stateProvider
=
self
}
public
convenience
init
(
configuration
:
URLSessionConfiguration
=
.
alamofireD
efault
,
public
convenience
init
(
configuration
:
URLSessionConfiguration
=
URLSessionConfiguration
.
af
.
d
efault
,
delegate
:
SessionDelegate
=
SessionDelegate
(),
rootQueue
:
DispatchQueue
=
DispatchQueue
(
label
:
"org.alamofire.sessionManager.rootQueue"
),
startRequestsImmediately
:
Bool
=
true
,
...
...
Source/URLRequest+Alamofire.swift
...
...
@@ -24,9 +24,9 @@
import
Foundation
extension
URLRequest
{
public
extension
URLRequest
{
var
method
:
HTTPMethod
?
{
guard
let
httpMethod
=
self
.
httpMethod
else
{
return
nil
}
guard
let
httpMethod
=
httpMethod
else
{
return
nil
}
return
HTTPMethod
(
rawValue
:
httpMethod
)
}
}
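Review bot: Changing `extension URLRequest` to `public extension URLRequest` exports `method` directly on `URLRequest` instead of under `af`, which is the opposite of what the rest of this commit does for public extensions. Either move it behind `AlamofireExtension` like `URLSessionConfiguration.af.default`, or explain in the commit message why this one stays un-namespaced.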
Source/URLSessionConfiguration+Alamofire.swift
...
...
@@ -24,8 +24,9 @@
import
Foundation
extension
URLSessionConfiguration
{
public
static
var
alamofireDefault
:
URLSessionConfiguration
{
extension
URLSessionConfiguration
:
AlamofireExtended
{
}
extension
AlamofireExtension
where
ExtendedType
:
URLSessionConfiguration
{
public
static
var
`
default
`:
URLSessionConfiguration
{
let
configuration
=
URLSessionConfiguration
.
default
configuration
.
httpHeaders
=
.
default
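Review bot: This extension is written as `extension AlamofireExtension where ExtendedType: URLSessionConfiguration` with `public` on the member, while the extensions added in `ServerTrustEvaluation.swift` use `public extension` with unmarked members; pick one form for the commit. The public `alamofireDefault` is also removed with no deprecated alias, so existing callers break at compile time; a forwarding property marked `@available(*, deprecated, renamed:)` would ease migration if that matters for this release.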
...
...
Tests/RequestTests.swift
...
...
@@ -306,7 +306,7 @@ class RequestDebugDescriptionTestCase: BaseTestCase {
var
headers
=
HTTPHeaders
.
default
headers
[
"Accept-Language"
]
=
"en-US"
let
configuration
=
URLSessionConfiguration
.
a
lamofireD
efault
let
configuration
=
URLSessionConfiguration
.
a
f
.
d
efault
configuration
.
httpHeaders
=
headers
let
manager
=
Session
(
configuration
:
configuration
)
...
...
@@ -318,7 +318,7 @@ class RequestDebugDescriptionTestCase: BaseTestCase {
var
headers
=
HTTPHeaders
.
default
headers
[
"Content-Type"
]
=
"application/json"
let
configuration
=
URLSessionConfiguration
.
a
lamofireD
efault
let
configuration
=
URLSessionConfiguration
.
a
f
.
d
efault
configuration
.
httpHeaders
=
headers
let
manager
=
Session
(
configuration
:
configuration
)
...
...
@@ -327,14 +327,14 @@ class RequestDebugDescriptionTestCase: BaseTestCase {
}()
func
managerWithCookie
(
_
cookie
:
HTTPCookie
)
->
Session
{
let
configuration
=
URLSessionConfiguration
.
a
lamofireD
efault
let
configuration
=
URLSessionConfiguration
.
a
f
.
d
efault
configuration
.
httpCookieStorage
?
.
setCookie
(
cookie
)
return
Session
(
configuration
:
configuration
)
}
let
managerDisallowingCookies
:
Session
=
{
let
configuration
=
URLSessionConfiguration
.
a
lamofireD
efault
let
configuration
=
URLSessionConfiguration
.
a
f
.
d
efault
configuration
.
httpShouldSetCookies
=
false
let
manager
=
Session
(
configuration
:
configuration
)
...
...
Tests/ServerTrustEvaluatorTests.swift
...
...
@@ -1110,7 +1110,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSName
.
trust
let
keys
=
[
TestCertificates
.
leafValidDNSName
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leafValidDNSName
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
validateHost
:
false
)
// When
...
...
@@ -1125,7 +1125,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSName
.
trust
let
keys
=
[
TestCertificates
.
intermediateCA2
]
.
publicKeys
let
keys
=
[
TestCertificates
.
intermediateCA2
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
validateHost
:
false
)
// When
...
...
@@ -1140,7 +1140,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSName
.
trust
let
keys
=
[
TestCertificates
.
rootCA
]
.
publicKeys
let
keys
=
[
TestCertificates
.
rootCA
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
validateHost
:
false
)
// When
...
...
@@ -1155,7 +1155,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSName
.
trust
let
keys
=
[
TestCertificates
.
leafSignedByCA2
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leafSignedByCA2
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
validateHost
:
false
)
// When
...
...
@@ -1170,7 +1170,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSName
.
trust
let
keys
=
[
TestCertificates
.
leafSignedByCA1
,
TestCertificates
.
intermediateCA1
,
TestCertificates
.
leafValidDNSName
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leafSignedByCA1
,
TestCertificates
.
intermediateCA1
,
TestCertificates
.
leafValidDNSName
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
validateHost
:
false
)
// When
...
...
@@ -1187,7 +1187,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSName
.
trust
let
keys
=
[
TestCertificates
.
leafValidDNSName
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leafValidDNSName
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
)
// When
...
...
@@ -1202,7 +1202,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSName
.
trust
let
keys
=
[
TestCertificates
.
intermediateCA2
]
.
publicKeys
let
keys
=
[
TestCertificates
.
intermediateCA2
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
)
// When
...
...
@@ -1217,7 +1217,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSName
.
trust
let
keys
=
[
TestCertificates
.
rootCA
]
.
publicKeys
let
keys
=
[
TestCertificates
.
rootCA
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
)
// When
...
...
@@ -1232,7 +1232,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSName
.
trust
let
keys
=
[
TestCertificates
.
leafSignedByCA2
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leafSignedByCA2
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
)
// When
...
...
@@ -1247,7 +1247,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSName
.
trust
let
keys
=
[
TestCertificates
.
leafSignedByCA1
,
TestCertificates
.
intermediateCA1
,
TestCertificates
.
leafValidDNSName
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leafSignedByCA1
,
TestCertificates
.
intermediateCA1
,
TestCertificates
.
leafValidDNSName
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
)
// When
...
...
@@ -1264,7 +1264,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSNameMissingIntermediate
.
trust
let
keys
=
[
TestCertificates
.
leafValidDNSName
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leafValidDNSName
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
performDefaultValidation
:
false
,
validateHost
:
false
)
...
...
@@ -1281,7 +1281,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSNameMissingIntermediate
.
trust
let
keys
=
[
TestCertificates
.
rootCA
]
.
publicKeys
let
keys
=
[
TestCertificates
.
rootCA
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
performDefaultValidation
:
false
,
validateHost
:
false
)
...
...
@@ -1298,7 +1298,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafValidDNSNameWithIncorrectIntermediate
.
trust
let
keys
=
[
TestCertificates
.
leafValidDNSName
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leafValidDNSName
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
performDefaultValidation
:
false
,
validateHost
:
false
)
...
...
@@ -1315,7 +1315,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafExpired
.
trust
let
keys
=
[
TestCertificates
.
leafExpired
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leafExpired
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
performDefaultValidation
:
false
,
validateHost
:
false
)
...
...
@@ -1332,7 +1332,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafExpired
.
trust
let
keys
=
[
TestCertificates
.
intermediateCA2
]
.
publicKeys
let
keys
=
[
TestCertificates
.
intermediateCA2
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
performDefaultValidation
:
false
,
validateHost
:
false
)
...
...
@@ -1349,7 +1349,7 @@ class ServerTrustPolicyPinPublicKeysTestCase: ServerTrustPolicyTestCase {
// Given
let
host
=
"test.alamofire.org"
let
serverTrust
=
TestTrusts
.
leafExpired
.
trust
let
keys
=
[
TestCertificates
.
rootCA
]
.
publicKeys
let
keys
=
[
TestCertificates
.
rootCA
]
.
af
.
publicKeys
let
serverTrustPolicy
=
PublicKeysTrustEvaluator
(
keys
:
keys
,
performDefaultValidation
:
false
,
validateHost
:
false
)
...
...
@@ -1461,7 +1461,7 @@ class ServerTrustPolicyCertificatesInBundleTestCase: ServerTrustPolicyTestCase {
// keyDER.der: DER-encoded key, not a certificate, should fail
// When
let
certificates
=
Bundle
(
for
:
ServerTrustPolicyCertificatesInBundleTestCase
.
self
)
.
certificates
let
certificates
=
Bundle
(
for
:
ServerTrustPolicyCertificatesInBundleTestCase
.
self
)
.
af
.
certificates
// Then
// Expectation: 19 well-formed certificates in the test bundle plus 4 invalid certificates.
...
...
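Review bot: missing documentation for `Bundle(for:).af.certificates`: the comments here say `keyDER.der` "should fail" and that the bundle holds 19 well-formed plus 4 invalid certificates, which suggests the property skips unparsable files without reporting them. Please state that behaviour in the doc comment for `af.certificates`, because callers who pin against bundle contents will otherwise not notice a certificate that failed to load.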
Tests/TLSEvaluationTests.swift
View file @
34b43bd7
...
...
@@ -423,7 +423,7 @@ class TLSEvaluationExpiredLeafCertificateTestCase: BaseTestCase {
func
testThatExpiredCertificateRequestFailsWhenPinningLeafPublicKeyWithCertificateChainValidation
()
{
// Given
let
keys
=
[
TestCertificates
.
leaf
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leaf
]
.
af
.
publicKeys
let
evaluators
=
[
expiredHost
:
PublicKeysTrustEvaluator
(
keys
:
keys
)
]
...
...
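Review bot: `PublicKeysTrustEvaluator(keys: keys)` in `testThatExpiredCertificateRequestFailsWhenPinningLeafPublicKeyWithCertificateChainValidation` relies on the initializer's defaults to turn chain validation on, while the sibling tests pass `performDefaultValidation: false, validateHost: false` explicitly. Spelling out `performDefaultValidation: true` here would keep the test asserting what its name says even if the default ever changes.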
@@ -457,7 +457,7 @@ class TLSEvaluationExpiredLeafCertificateTestCase: BaseTestCase {
func
testThatExpiredCertificateRequestSucceedsWhenPinningLeafPublicKeyWithoutCertificateChainOrHostValidation
()
{
// Given
let
keys
=
[
TestCertificates
.
leaf
]
.
publicKeys
let
keys
=
[
TestCertificates
.
leaf
]
.
af
.
publicKeys
let
evaluators
=
[
expiredHost
:
PublicKeysTrustEvaluator
(
keys
:
keys
,
performDefaultValidation
:
false
,
validateHost
:
false
)
]
...
...
@@ -485,7 +485,7 @@ class TLSEvaluationExpiredLeafCertificateTestCase: BaseTestCase {
func
testThatExpiredCertificateRequestSucceedsWhenPinningIntermediateCAPublicKeyWithoutCertificateChainOrHostValidation
()
{
// Given
let
keys
=
[
TestCertificates
.
intermediateCA2
]
.
publicKeys
let
keys
=
[
TestCertificates
.
intermediateCA2
]
.
af
.
publicKeys
let
evaluators
=
[
expiredHost
:
PublicKeysTrustEvaluator
(
keys
:
keys
,
performDefaultValidation
:
false
,
validateHost
:
false
)
]
...
...
@@ -513,7 +513,7 @@ class TLSEvaluationExpiredLeafCertificateTestCase: BaseTestCase {
func
testThatExpiredCertificateRequestSucceedsWhenPinningRootCAPublicKeyWithoutCertificateChainValidation
()
{
// Given
let
keys
=
[
TestCertificates
.
rootCA
]
.
publicKeys
let
keys
=
[
TestCertificates
.
rootCA
]
.
af
.
publicKeys
let
evaluators
=
[
expiredHost
:
PublicKeysTrustEvaluator
(
keys
:
keys
,
performDefaultValidation
:
false
,
validateHost
:
false
)
]
...
...
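Review bot: naming nit: `testThatExpiredCertificateRequestSucceedsWhenPinningRootCAPublicKeyWithoutCertificateChainValidation` also passes `validateHost: false`, exactly like the leaf and intermediate variants above, whose names end in `WithoutCertificateChainOrHostValidation`. Either rename this test to match, or drop `validateHost: false` if host validation is meant to stay on for the root CA case.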