Thursday, July 14, 2022

ios – Why is Alamofire public key pinning not working?

I’m trying to perform public key pinning using Alamofire and Moya.

I’m building my own custom Alamofire Session and passing it to my Moya provider.
I’ve read the Alamofire documentation on how to perform public key pinning, which is summarized by these few lines of code:

let configuration = URLSessionConfiguration.default
let trustManager = ServerTrustManager(evaluators: ["": PublicKeysTrustEvaluator()])
return MySession(configuration: configuration, serverTrustManager: trustManager)

My understanding is that PublicKeysTrustEvaluator() will go through all certificates present in Bundle.main, extract the public keys, and perform public key pinning against the host. If at least one succeeds, then the server trust is considered valid.

Here is some code from the Alamofire project:

extension AlamofireExtension where ExtendedType: Bundle {
    /// Returns all valid `cer`, `crt`, and `der` certificates in the bundle.
    public var certificates: [SecCertificate] {
        paths(forResourcesOfTypes: [".cer", ".CER", ".crt", ".CRT", ".der", ".DER"]).compactMap { path in
            guard
                let certificateData = try? Data(contentsOf: URL(fileURLWithPath: path)) as CFData,
                let certificate = SecCertificateCreateWithData(nil, certificateData) else { return nil }

            return certificate
        }
    }

    /// Returns all public keys for the valid certificates in the bundle.
    public var publicKeys: [SecKey] {
        // ...
    }
}

Why is Alamofire allowing the use of .cer/.crt files if the function SecCertificateCreateWithData only expects DER formats?

The function paths is returning my .cer file, but Bundle.main is empty because this call to SecCertificateCreateWithData always fails.

Should I convert my certificates to DER format?

If so, how should I do this?

The output of this call is not being found by the function paths(forResourcesOfTypes:) mentioned above:

openssl x509 -outform der -in certificatename.pem -out certificatename.der
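
An added example, not part of the original post or of Alamofire: a pre-build check for the situation in the question, relying on the fact that SecCertificateCreateWithData accepts only DER-encoded data while a `.cer` or `.crt` file may hold either PEM or DER. The function names and the directory argument are assumptions; the extensions are the ones listed in the Alamofire excerpt.

```bash
#!/usr/bin/env bash
# Added example: classify certificate files before they are bundled for pinning.

# Print "pem", "der" or "unknown" for one file, based on its content
# rather than its extension.
cert_encoding() {
    local f=$1 first
    # PEM is base64 text wrapped in BEGIN/END CERTIFICATE armor lines.
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null; then
        echo pem
        return
    fi
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    first=$(od -An -tx1 -N1 "$f" 2>/dev/null | tr -d ' \n')
    if [ "$first" = "30" ]; then
        echo der
    else
        echo unknown
    fi
}

# Convert a PEM certificate ($1) to DER ($2). The output may keep a .cer
# name: the extension does not decide the encoding.
to_der() {
    openssl x509 -inform PEM -in "$1" -outform DER -out "$2"
}

# List the encoding of every candidate certificate in a directory ($1).
# Returns non-zero if any file is not DER, so it can gate a build step.
check_bundle_certs() {
    local dir=$1 rc=0 f enc
    for f in "$dir"/*.cer "$dir"/*.CER "$dir"/*.crt "$dir"/*.CRT \
             "$dir"/*.der "$dir"/*.DER; do
        [ -e "$f" ] || continue          # unmatched glob pattern
        enc=$(cert_encoding "$f")
        printf '%s\t%s\n' "$enc" "$f"
        [ "$enc" = der ] || rc=1
    done
    return $rc
}
```

Running `check_bundle_certs` on the folder that holds the pinned certificates shows which files would be dropped by the `compactMap` in the excerpt; `to_der` rewrites a PEM one.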


