cepages · June 2, 2020 15:03
diff --git a/Using Self signed cert for WKWebview b/Using Self signed cert for WKWebview
 import Foundation
 import WebKit

 class SelfSignedCert: NSObject, WKNavigationDelegate {
    
    private let CERT_NAME = "ca"
    private let CERT_TYPE = "der"
    
    public func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        
        if challenge.protectionSpace.authenticationMethod != NSURLAuthenticationMethodServerTrust {
            
            NSLog("SelfSignedCert: Unexpected authentication method \(challenge.protectionSpace.authenticationMethod)");
            completionHandler(.rejectProtectionSpace, .none)
        }
        
        guard let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.rejectProtectionSpace, .none)
            return
        }
                     
        // First load our extra root-CAs to be trusted from the app bundle.
        let rootCa = CERT_NAME
        guard let rootCaPath = Bundle(for: SelfSignedCert.self).path(forResource: rootCa, ofType: CERT_TYPE), let rootCaData = NSData(contentsOfFile: rootCaPath) else {

            completionHandler(.rejectProtectionSpace, .none)
            return
        }
        let rootCert = SecCertificateCreateWithData(nil, rootCaData)
         SecTrustSetAnchorCertificates(trust, [rootCert] as CFArray)
         SecTrustSetAnchorCertificatesOnly(trust, false)
                
        evaluateTrust(trust: trust) { (trustResult) in
            
            self.evaluateTrustResult(trust:trust, trustResult: trustResult, tryToFixTrust: true, completionHandler: completionHandler)
        }
    }
    
    private func evaluateTrust(trust:SecTrust, completionHandler: @escaping (_ trustResult:SecTrustResultType) -> Void) {
        
        var trustResult: SecTrustResultType = SecTrustResultType.invalid
        if #available(iOS 13.0, *) {
            
            if (SecTrustEvaluateWithError(trust, nil)) {
                
                trustResult = SecTrustResultType.proceed;
            } else {
                SecTrustGetTrustResult(trust, &trustResult)
            }
            
        } else {
            SecTrustEvaluate(trust, &trustResult)
        }
        
        completionHandler(trustResult);
    }
    
    private func evaluateTrustResult(trust:SecTrust, trustResult:SecTrustResultType, tryToFixTrust:Bool, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    
        switch trustResult {
        case SecTrustResultType.unspecified,
             SecTrustResultType.proceed:
            
             // Trust certificate.
            let credential = URLCredential(trust: trust)
            completionHandler(.useCredential, credential);
            
        case SecTrustResultType.recoverableTrustFailure:
            
            if (!tryToFixTrust) {
                completionHandler(.rejectProtectionSpace, .none)
                return
             }
            
            // Fix the result if it's a recoverable trust failure
            let errDataRef = SecTrustCopyExceptions(trust)
            SecTrustSetExceptions(trust, errDataRef)
            evaluateTrust(trust: trust) { (trustResult) in
                self.evaluateTrustResult(trust:trust, trustResult: trustResult, tryToFixTrust: false, completionHandler: completionHandler)
            }
        default:
            // We reject the challenge
            completionHandler(.rejectProtectionSpace, .none)
        }
    }
 }
	import Foundation
	import WebKit

	class SelfSignedCert: NSObject, WKNavigationDelegate {

	private let CERT_NAME = "ca"
	private let CERT_TYPE = "der"

	public func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {

	if challenge.protectionSpace.authenticationMethod != NSURLAuthenticationMethodServerTrust {

	NSLog("SelfSignedCert: Unexpected authentication method \(challenge.protectionSpace.authenticationMethod)");
	completionHandler(.rejectProtectionSpace, .none)
	}

	guard let trust = challenge.protectionSpace.serverTrust else {
	completionHandler(.rejectProtectionSpace, .none)
	return
	}

	// First load our extra root-CAs to be trusted from the app bundle.
	let rootCa = CERT_NAME
	guard let rootCaPath = Bundle(for: SelfSignedCert.self).path(forResource: rootCa, ofType: CERT_TYPE), let rootCaData = NSData(contentsOfFile: rootCaPath) else {

	completionHandler(.rejectProtectionSpace, .none)
	return
	}
	let rootCert = SecCertificateCreateWithData(nil, rootCaData)
	SecTrustSetAnchorCertificates(trust, [rootCert] as CFArray)
	SecTrustSetAnchorCertificatesOnly(trust, false)

	evaluateTrust(trust: trust) { (trustResult) in

	self.evaluateTrustResult(trust:trust, trustResult: trustResult, tryToFixTrust: true, completionHandler: completionHandler)
	}
	}

	private func evaluateTrust(trust:SecTrust, completionHandler: @escaping (_ trustResult:SecTrustResultType) -> Void) {

	var trustResult: SecTrustResultType = SecTrustResultType.invalid
	if #available(iOS 13.0, *) {

	if (SecTrustEvaluateWithError(trust, nil)) {

	trustResult = SecTrustResultType.proceed;
	} else {
	SecTrustGetTrustResult(trust, &trustResult)
	}

	} else {
	SecTrustEvaluate(trust, &trustResult)
	}

	completionHandler(trustResult);
	}

	private func evaluateTrustResult(trust:SecTrust, trustResult:SecTrustResultType, tryToFixTrust:Bool, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {

	switch trustResult {
	case SecTrustResultType.unspecified,
	SecTrustResultType.proceed:

	// Trust certificate.
	let credential = URLCredential(trust: trust)
	completionHandler(.useCredential, credential);

	case SecTrustResultType.recoverableTrustFailure:

	if (!tryToFixTrust) {
	completionHandler(.rejectProtectionSpace, .none)
	return
	}

	// Fix the result if it's a recoverable trust failure
	let errDataRef = SecTrustCopyExceptions(trust)
	SecTrustSetExceptions(trust, errDataRef)
	evaluateTrust(trust: trust) { (trustResult) in
	self.evaluateTrustResult(trust:trust, trustResult: trustResult, tryToFixTrust: false, completionHandler: completionHandler)
	}
	default:
	// We reject the challenge
	completionHandler(.rejectProtectionSpace, .none)
	}
	}
	}