Alamofire证书校验的几种方式

校验颁发机构

// Installs a session-level authentication-challenge handler on an Alamofire
// SessionDelegate. The handler evaluates the server's trust object itself
// instead of relying on the system default.
// NOTE(review): this listing is cut off inside the handler (see the last line),
// so the comments below cover only the visible part.
let sessionConfiguration = URLSessionConfiguration.default
sessionConfiguration.timeoutIntervalForRequest = 20
let sessionDelegate = SessionDelegate()
sessionDelegate.sessionDidReceiveChallengeWithCompletion = { (session, challenge, completion) in
        // The initial .performDefaultHandling value is overwritten two lines below,
        // so the effective starting decision is "cancel" (fail closed).
        var disposition: URLSession.AuthChallengeDisposition = .performDefaultHandling
        var credential: URLCredential?
        disposition = URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge
        // Only server-trust (TLS certificate) challenges are inspected here.
        if challenge.protectionSpace.authenticationMethod
            == NSURLAuthenticationMethodServerTrust {
            // Force-unwrap: crashes if serverTrust is nil. A `guard let` that
            // falls through to the cancel decision would be the safer form.
            let trust = challenge.protectionSpace.serverTrust!
            var trustResult = SecTrustResultType.invalid
            // Synchronous trust evaluation. SecTrustEvaluate is deprecated on
            // current Apple SDKs in favour of SecTrustEvaluateWithError.
            let status = SecTrustEvaluate(trust, &trustResult)
            // Continue only when evaluation succeeded with .proceed or
            // .unspecified; any other result leaves the cancel decision in place.
            if status == errSecSuccess && (trustResult == .proceed || trustResult == .unspecified) {
                var trusted = false
                // NOTE(review): the source is truncated on the next line ("0.." is
                // presumably the start of a `0..<count` range). The loop body, the
                // code that sets `trusted`/`credential`, and the call to `completion`
                // are not visible. A handler of this shape is expected to call
                // `completion` exactly once on every path; confirm against the full
                // listing.
                for index in 0..

校验公钥

// Per-host server trust policies, keyed by host name.
// In DEBUG builds the dictionary stays empty, so no public-key pinning is
// applied there; only non-DEBUG builds pin.
var serverTrustPolicies: [String: ServerTrustPolicy] = [:]
#if DEBUG
#else
// Hosts whose connections must be validated. A host that is not listed here
// receives no pinning policy from this dictionary.
let pinnedHosts = [
    "www.baidu.com",
    "www.test.com"
]
for host in pinnedHosts {
    // Pin against the keys returned by ServerTrustPolicy.publicKeys(), and
    // additionally require a valid certificate chain and a matching host name.
    // NOTE(review): publicKeys() is called with its defaults, presumably reading
    // certificates shipped in the app's main bundle. Confirm the expected
    // certificate files are actually bundled with the release target.
    let pinningPolicy = ServerTrustPolicy.pinPublicKeys(
        publicKeys: ServerTrustPolicy.publicKeys(),
        validateCertificateChain: true,
        validateHost: true
    )
    serverTrustPolicies[host] = pinningPolicy
}
#endif
let sessionConfiguration = URLSessionConfiguration.default
sessionConfiguration.timeoutIntervalForRequest = 20
let sessionDelegate = SessionDelegate()
let trustPolicyManager = ServerTrustPolicyManager(policies: serverTrustPolicies)
let manager = SessionManager(
    configuration: sessionConfiguration,
    delegate: sessionDelegate,
    serverTrustPolicyManager: trustPolicyManager
)

证书完全校验

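    // Builds a SessionManager whose delegate accepts a server only when the
    // leaf certificate it presents is byte-identical to one of the certificates
    // returned by ServerTrustPolicy.certificates().
    //
    // NOTE(review): this handler compares certificate bytes only. It does not
    // run SecTrust evaluation, so certificate expiry, chain validity and
    // host-name matching are not checked here. Alamofire's built-in
    // ServerTrustPolicy.pinCertificates(certificates:validateCertificateChain:validateHost:)
    // covers those checks and is the preferable replacement for hand-written
    // comparison.
    let sessionConfiguration = URLSessionConfiguration.default
    sessionConfiguration.timeoutIntervalForRequest = 30
    let sessionDelegate = SessionDelegate()
    sessionDelegate.sessionDidReceiveChallenge = { _, challenge in
        // Challenges other than server trust (or a missing trust object) carry
        // nothing to pin against. Defer to the system instead of
        // force-unwrapping a nil serverTrust, which crashed in the original.
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let serverTrust = challenge.protectionSpace.serverTrust else {
            return (URLSession.AuthChallengeDisposition.performDefaultHandling, nil)
        }
        #if DEBUG
        // DEBUG builds skip the comparison and accept whatever trust object the
        // server presents, so TLS validation is effectively off in these builds.
        // Keep DEBUG-configured builds away from production endpoints and data.
        return (URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: serverTrust))
        #else
        // No leaf certificate means nothing to compare: fail closed.
        guard let leafCertificate = SecTrustGetCertificateAtIndex(serverTrust, 0) else {
            return (URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
        }
        // Bridge CFData to Data directly. The original wrapped this in
        // CFBridgingRetain without a matching release, leaking on every challenge.
        let remoteCertificateData = SecCertificateCopyData(leafCertificate) as Data
        let isPinned = ServerTrustPolicy.certificates().contains { pinned in
            (SecCertificateCopyData(pinned) as Data) == remoteCertificateData
        }
        // The decision is reported only through the returned tuple. The original
        // also called continueWithoutCredential(for:), use(_:for:) and cancel(_:)
        // on challenge.sender; the first two contradict each other, and the
        // returned disposition already carries the outcome.
        guard isPinned else {
            return (URLSession.AuthChallengeDisposition.cancelAuthenticationChallenge, nil)
        }
        return (URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: serverTrust))
        #endif
    }

    return SessionManager(configuration: sessionConfiguration, delegate: sessionDelegate)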
