For example, all *.apple.com hosts should use the same serverTrustPolicy.
// The pin set is whatever certificatesInBundle returns for the app's main bundle.
let certificates = ServerTrustPolicy.certificatesInBundle(NSBundle.mainBundle())

// Pin to those certificates while still validating the certificate chain and the host name.
let serverTrustPolicy = ServerTrustPolicy.PinCertificates(
    certificates: certificates,
    validateCertificateChain: true,
    validateHost: true
)

let sessionConfiguration = NSURLSessionConfiguration.defaultSessionConfiguration()

// Host-to-policy table handed to the trust policy manager.
// NOTE(review): the ServerTrustPolicyManager documentation quoted in this thread leaves
// wildcard mapping to subclasses, so the stock manager presumably treats "*.apple.com" as a
// literal key. Subdomains would then get no pinning policy from this table; confirm before
// relying on the second entry.
let hostPolicies: [String: ServerTrustPolicy] = [
    "apple.com": serverTrustPolicy,
    "*.apple.com": serverTrustPolicy
]

let manager = Manager(
    configuration: sessionConfiguration,
    serverTrustPolicyManager: ServerTrustPolicyManager(policies: hostPolicies)
)
OK. I'm now checking the documentation in the source file.
Subclasses could override
this method and implement more complex mapping implementations such as wildcards.
As you can see, Alamofire doesn't currently support this. We'll keep it in mind for the future though.
👍
Example implementation if anyone needs one:
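/// Trust policy manager that also resolves single-label wildcard entries such as `*.example.com`.
///
/// Lookup order: an exact entry for the host first, then the entry obtained by replacing the
/// host's left-most label with `*`.
class WildcardServerTrustPolicyManager: ServerTrustPolicyManager {
    /// Returns the policy registered for `host`, or for its single-label wildcard pattern.
    ///
    /// - Parameter host: Host name to look up in `policies`.
    /// - Returns: The matching policy, or `nil` when neither the exact host nor its wildcard
    ///   pattern is registered.
    ///   NOTE(review): a `nil` result presumably leaves the connection without any pinning
    ///   policy; confirm how the caller treats it and register every host that must be pinned.
    override func serverTrustPolicy(forHost host: String) -> ServerTrustPolicy? {
        if let exactPolicy = policies[host] {
            return exactPolicy
        }

        var labels = host.split(separator: ".")

        // At least three labels are required, so a two-label host such as example.com is never
        // looked up as "*.com". The earlier `== 3` check also skipped deeper hosts such as
        // a.b.example.com, which then never reached their wildcard entry.
        guard labels.count >= 3 else {
            return nil
        }

        // Only the left-most label is replaced: a.b.example.com is looked up as
        // "*.b.example.com", not "*.example.com".
        labels[0] = "*"
        return policies[labels.joined(separator: ".")]
    }
}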
If you are using Alamofire 5+:
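/// Trust manager that also resolves single-label wildcard entries such as `*.example.com`.
///
/// Lookup order: an exact entry for the host first, then the entry obtained by replacing the
/// host's left-most label with `*`, and finally the superclass lookup.
class WildcardServerTrustPolicyManager: ServerTrustManager {
    /// Returns the evaluator registered for `host`, or for its single-label wildcard pattern.
    ///
    /// - Parameter host: Host name to look up in `evaluators`.
    /// - Returns: The matching evaluator, or whatever the superclass returns for an unmatched host.
    /// - Throws: Whatever the superclass throws for an unmatched host.
    override func serverTrustEvaluator(forHost host: String) throws -> ServerTrustEvaluating? {
        if let exactEvaluator = evaluators[host] {
            return exactEvaluator
        }

        var labels = host.split(separator: ".")
        // More than two labels are required, so example.com is never looked up as "*.com".
        if labels.count > 2 {
            // Only the left-most label is replaced: a.b.example.com is looked up as
            // "*.b.example.com", not "*.example.com".
            labels[0] = "*"
            if let wildcardEvaluator = evaluators[labels.joined(separator: ".")] {
                return wildcardEvaluator
            }
        }

        // No exact or wildcard entry. Returning nil here would skip the superclass's own
        // handling of unmatched hosts, so the decision is handed back to it instead.
        // NOTE(review): in Alamofire 5 the stock ServerTrustManager is expected to throw for
        // an unmatched host when `allHostsMustBeEvaluated` is true; confirm against the
        // version in use. Pass `allHostsMustBeEvaluated: false` at init only if unpinned
        // hosts are intended.
        return try super.serverTrustEvaluator(forHost: host)
    }
}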
Then in the implementation:
/// Session whose server trust decisions go through `WildcardServerTrustPolicyManager`.
public lazy var session: Session = {
    let sessionConfiguration = URLSessionConfiguration.default
    sessionConfiguration.timeoutIntervalForRequest = 300

    // Only the wildcard pattern is registered, so the two-label host example.com has no entry
    // of its own and is not reached by the wildcard lookup.
    // NOTE(review): PinnedCertificatesTrustEvaluator() relies on its default arguments;
    // confirm which certificates and validation options those select in the Alamofire
    // version in use.
    let pinnedEvaluators: [String: ServerTrustEvaluating] = [
        "*.example.com": PinnedCertificatesTrustEvaluator()
    ]
    let trustManager = WildcardServerTrustPolicyManager(evaluators: pinnedEvaluators)

    return Session(configuration: sessionConfiguration, serverTrustManager: trustManager)
}()