Getting client certificate to work for mutual authentication using Swift 3 and Alamofire 4

by

I was able to get it to work. A few issues got into the way. First, you have to allow IOS to accept self signed certificates. This requires to set up AlamoFire serverTrustPolicy:

let serverTrustPolicies: [String: ServerTrustPolicy] = [
        "your-domain.com": .disableEvaluation
    ]

self.sessionManager = Alamofire.SessionManager(
        serverTrustPolicyManager: ServerTrustPolicyManager(policies: serverTrustPolicies)
    )

From there, you have to override the sessionDidRecieveChallenge to send the client certificate. Because i wanted to use a p12 file I modified some code I found elsewhere (sorry i don’t have the source anymore) to make is Swift 3.0 to import the p12 using foundation classes:

import Foundation

public class PKCS12  {
    var label:String?
    var keyID:Data?
    var trust:SecTrust?
    var certChain:[SecTrust]?
    var identity:SecIdentity?

    let securityError:OSStatus

    public init(data:Data, password:String) {

        //self.securityError = errSecSuccess

        var items:CFArray?
        let certOptions:NSDictionary = [kSecImportExportPassphrase as NSString:password as NSString]

        // import certificate to read its entries
        self.securityError = SecPKCS12Import(data as NSData, certOptions, &items);

        if securityError == errSecSuccess {
            let certItems:Array = (items! as Array)
            let dict:Dictionary<String, AnyObject> = certItems.first! as! Dictionary<String, AnyObject>;

            self.label = dict[kSecImportItemLabel as String] as? String;
            self.keyID = dict[kSecImportItemKeyID as String] as? Data;
            self.trust = dict[kSecImportItemTrust as String] as! SecTrust?;
            self.certChain = dict[kSecImportItemCertChain as String] as? Array<SecTrust>;
            self.identity = dict[kSecImportItemIdentity as String] as! SecIdentity?;
        }


    }

    public convenience init(mainBundleResource:String, resourceType:String, password:String) {
        self.init(data: NSData(contentsOfFile: Bundle.main.path(forResource: mainBundleResource, ofType:resourceType)!)! as Data, password: password);
    }

    public func urlCredential()  -> URLCredential  {
        return URLCredential(
            identity: self.identity!,
            certificates: self.certChain!,
            persistence: URLCredential.Persistence.forSession);

    }



}

This will allow me to import the file, and send it back to the client.

let cert = PKCS12.init(mainBundleResource: "cert", resourceType: "p12", password: "password");

self.sessionManager.delegate.sessionDidReceiveChallenge = { session, challenge in
        if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate {
            return (URLSession.AuthChallengeDisposition.useCredential, self.cert.urlCredential());
        }
        if challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust {
            return (URLSession.AuthChallengeDisposition.useCredential, URLCredential(trust: challenge.protectionSpace.serverTrust!));
        }
        return (URLSession.AuthChallengeDisposition.performDefaultHandling, Optional.none);
    }

Now you can use the sessionManager to create as many calls as you need to.

As a note, i’ve also added the following to the info.plist as recomended to get around the new security features in newer iOS features:

<key>NSAppTransportSecurity</key>
    <dict>
        <key>NSAllowsArbitraryLoads</key>
        <true/>
        <key>NSExceptionDomains</key>
        <dict>
            <key>your-domain.com</key>
            <dict>
                <key>NSIncludesSubdomains</key>
                <true/>
                <key>NSExceptionRequiresForwardSecrecy</key>
                <false/>
                <key>NSExceptionAllowsInsecureHTTPLoads</key>
                <true/>
            </dict>
        </dict>
    </dict>

I hope this helps!

More Related Contents:

  1. How to post nested json by SwiftyJson and Alamofire?
  2. Why am I unable to do a simple Alamofire request?
  3. Type ‘Any’ Has no Subscript Members in Xcode 8.1 Swift 3
  4. iOS/Swift: Making the source code of an app visible?
  5. Creation of JSON array in swift 3
  6. DateFormatter doesn’t return date for “HH:mm:ss”
  7. How to return value from Alamofire
  8. Swift saving and retrieving custom object from UserDefaults
  9. Using SSL in an iPhone App – Export Compliance
  10. Send POST parameters with MultipartFormData using Alamofire, in iOS Swift
  11. How to implement method swizzling swift 3.0?
  12. How to create managedObjectContext using Swift 3 in Xcode 8?
  13. Strange generic function appear in view controller after converting to swift 3
  14. Alamofire invalid value around character 0
  15. Using ScrollView Programmatically in Swift 3
  16. How to open an URL in Swift?
  17. Swift 3 – Comparing Date objects
  18. Selector in swift3
  19. Can’t Hide Status Bar—Swift 3, [duplicate]
  20. Redirect NSLog to File in Swift not working
  21. How to push and present to UIViewController programmatically without segue in iOS Swift 3
  22. Why would a `scheduledTimer` fire properly when setup outside a block, but not within a block?
  23. Using SecRandomCopyBytes in Swift
  24. UITableViewCell Buttons with action
  25. Quitting app causes error “Message from debugger: Terminated due to signal 9”
  26. AlamoFire Download in Background Session
  27. Create Directory in Swift 3.0
  28. How to use NetworkReachabilityManager in Alamofire
  29. Swift 3: Unrecognized selector sent to instance Xcode 8 [duplicate]
  30. How to Read Plist without using NSDictionary in Swift?

Leave a Comment