如官方文档[1]所述,我一直在尝试使用Cordova Advanced HTTP插件[2]在Ionic + Angular +电容器项目中实现SSL固定。
但是,每次我使用Xcode打开iOS应用程序时,它都会记录一条错误[3],说明证书无效,我认为这是错误的。
2019-07-02 09:20:13.211085+0530 App[481:58424] TIC SSL Trust Error [1:0x280002100]: 3:0
2019-07-02 09:20:13.228677+0530 App[481:58424] NSURLSession/NSURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9813)
2019-07-02 09:20:13.228721+0530 App[481:58424] Task <46E01436-B71E-421D-B8F0-584EBEBEDD56>.<1> HTTP load failed (error code: -1202 [3:-9813])
2019-07-02 09:20:13.228908+0530 App[481:58418] Task <46E01436-B71E-421D-B8F0-584EBEBEDD56>.<1> finished with error - code: -1202
2019-07-02 09:20:13.231665+0530 App[481:58415] Task <46E01436-B71E-421D-B8F0-584EBEBEDD56>.<1> load failed with error Error Domain=NSURLErrorDomain Code=-1202 "The certificate for this server is invalid. You might be connecting to a server that is pretending to be “reqres.in” which could put your confidential information at risk." UserInfo={NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, NSErrorPeerCertificateChainKey=(
"<cert(0x10408e200) s: sni96286.cloudflaressl.com i: COMODO ECC Domain Validation Secure Server CA 2>",
"<cert(0x104067800) s: COMODO ECC Domain Validation Secure Server CA 2 i: COMODO ECC Certification Authority>",
"<cert(0x10408ee00) s: COMODO ECC Certification Authority i: AddTrust External CA Root>"
), NSErrorClientCertificateStateKey=0, NSErrorFailingURLKey=https://reqres.in/api/users/2, NSErrorFailingURLStringKey=https://reqres.in/api/users/2, NSUnderlyingError=0x283b578d0 {Error Domain=kCFErrorDomainCFNetwork Code=-1202 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, kCFStreamPropertySSLPeerTrust=<SecTrustRef: 0x28070d4d0>, _kCFNetworkCFStreamSSLErrorOriginalValue=-9813, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9813, kCFStreamPropertySSLPeerCertificates=(
"<cert(0x10408e200) s: sni96286.cloudflaressl.com i: COMODO ECC Domain Validation Secure Server CA 2>",
"<cert(0x104067800) s: COMODO ECC Domain Validation Secure Server CA 2 i: COMODO ECC Certification Authority>",
"<cert(0x10408ee00) s: COMODO ECC Certification Authority i: AddTrust External CA Root>"
)}}, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <46E01436-B71E-421D-B8F0-584EBEBEDD56>.<1>"
), _kCFStreamErrorCodeKey=-9813, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <46E01436-B71E-421D-B8F0-584EBEBEDD56>.<1>, NSURLErrorFailingURLPeerTrustErrorKey=<SecTrustRef: 0x28070d4d0>, NSLocalizedDescription=The certificate for this server is invalid. You might be connecting to a server that is pretending to be “reqres.in” which could put your confidential information at risk.} [-1202]
⚡️ [log] - -2
⚡️ [log] - The certificate for this server is invalid. You might be connecting to a server that is pretending to be “reqres.in” which could put your confidential information at risk.
⚡️ [log] - undefined
我的示例应用程序及其执行的步骤可在GitHub [4]上找到,我想知道如何将SSL Pinning正确集成到我的应用程序中。理想情况下,如果您可以派生/克隆我的项目并尝试其中的变通方法,那么对所有人来说都会很方便。
[1] https://ionicframework.com/docs/native/http
[2] https://github.com/silkimen/cordova-plugin-advanced-http
[3] https://github.com/ashenwgt/ionic-capacitor-ssl-pinning/blob/master/logs/xcode-log.backup
[4] https://github.com/ashenwgt/ionic-capacitor-ssl-pinning
任何帮助将不胜感激。
Ionic 5.4.15版本解决方案。
要在SSL中启用SSL固定,请在根文件夹中创建一个目录,例如“证书”,然后将所有证书放入此文件夹。重要说明:此文件夹中的所有证书都必须带有后缀.cer !!!
在那之后修改根项目目录中的angular.json将这部分附加到“ assets”数组的所有出现。
{
"glob": "**/*",
"input": "certificates",
"output": "certificates"
}
然后删除根项目中的www目录并运行“ ionic build”,它将在您的www文件夹中生成新的子目录“证书”]
使用打字稿中的证书:
我正在使用离子本机http和cordova-advanced-http-plugin
安装:
ionic cordova plugin add cordova-plugin-advanced-http npm install @ionic-native/http导入您的根目录xyz.module.ts文件:
import { HTTP } from '@ionic-native/http/ngx';附加到提供者:
providers: [ StatusBar, SplashScreen, **HTTP**, { provide: RouteReuseStrategy, useClass: IonicRouteStrategy } ],导入页面/组件中的xyz.ts文件:
import { HTTP } from '@ionic-native/http/ngx';在构造函数中声明:
constructor(private http: HTTP) {}在提出任何请求之前固定证书:
async ngOnInit() { await this.platform.ready(); this.advHttp.setServerTrustMode('pinned').then((res: any) => { }, (error) => { this.helpers.showError(error); }); this.advHttp.setRequestTimeout(5); }现在您已全部设置,可以使用https请求!文件:https://ionicframework.com/docs/native/http