如何让 Apollo 客户端 iOS 接受自签名证书

如何解决如何让 Apollo 客户端 iOS 接受自签名证书

如何让 ApolloClient 接受自签名证书？我们将它用于内部应用程序，由于认证问题，对 GraphQL 端点的调用失败。我在存储库问题中发现了 this thread，但自那次讨论以来，API 似乎发生了一些变化，目前正确的方法是我不知道的。

目前，我的集成测试下降到 .failure 分支报告证书验证问题：

        let apollo = AppConstants.current.apollo
        apollo.fetch( query: DriverStatementsIncompleteQuery( onepass: "test-user" ) ) { result in
            switch result {
            case .success( let results ):
                print( results )
                XCTAssertNil( results.errors )
                self.completedExpectation.fulfill()
            case .failure( let error ):
                XCTFail( error.localizedDescription )
                self.completedExpectation.fulfill()
            }
        }
        wait( for: [self.completedExpectation],timeout: 5 )

解决方法

Apollo iOS 团队的 Ellen Shapiro 非常友好地为我指明了正确的方向。这是我最后的结果：

public struct PromiscuousApolloClientFactory {
    /// Creates an `ApolloClient` instance that is configured to work with certificates that the
    /// OS would otherwise deem invalid,like those that are self-signed.
    /// - Parameter endpointURL: The URL of the GraphQL endpoint.
    /// - Returns: The configured `ApolloClient` instance.
    public static func make( with endpointURL: URL ) -> ApolloClient {
        let store = ApolloStore( cache: InMemoryNormalizedCache() )
        let sessionConfig = URLSessionConfiguration.default
        let client = PromiscuousURLSessionClient( sessionConfiguration: sessionConfig )
        let provider = LegacyInterceptorProvider( client: client,store: store )
        let transport = RequestChainNetworkTransport( interceptorProvider: provider,endpointURL: endpointURL )
        
        return ApolloClient( networkTransport: transport,store: store )
    }
}

private class PromiscuousURLSessionClient: URLSessionClient {
    override func urlSession( _ session: URLSession,didReceive challenge: URLAuthenticationChallenge,completionHandler: @escaping ( URLSession.AuthChallengeDisposition,URLCredential? ) -> Void ) {
        let protectionSpace = challenge.protectionSpace
        
        guard protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,let serverTrust = protectionSpace.serverTrust else {
                completionHandler( .performDefaultHandling,nil )
                return
        }
        
        let credential = URLCredential( trust: serverTrust )
        completionHandler( .useCredential,credential )
    }
}

注意事项：这通常是一种不好的做法，因为它会短路对您有利的安全保护。如果您有使用操作系统可以验证的证书的路径，请改为执行此操作。 :)