Telegraph icon indicating copy to clipboard operation
Telegraph copied to clipboard

Published 20 hours ago verified publisher icon Building42

https localhost invalid

Open guzishiwo opened this issue 3 years ago • 1 comments

I open a local server for WKWebView. When I use http normally, but https, it is invalid to add a certificate. I use the certificate provided in demo. But Xcode throw Error: WebPageProxy::didFailProvisionalLoadForFrame: frameID=3, domain=NSURLErrorDomain, code=-1200 

class ViewController: UIViewController, WKNavigationDelegate {
    var server: TelegraphServer!
    var webView: WKWebView!

    override func viewDidLoad() {
        super.viewDidLoad()
        // Do any additional setup after loading the view.
        
        server = TelegraphServer()
        server.start()
        
        let url = URL(string: "https://localhost:9000/")!
        webView.load(URLRequest(url: url))
        webView.allowsBackForwardNavigationGestures = true
    }
    
    override func loadView() {
        webView = WKWebView()
        webView.navigationDelegate = self
        view = webView
    }
}

class TelegraphServer: NSObject {

    func start() {
        // Comment out this line if you want HTTP instead of HTTPS
        loadCertificates()
        setupServer()
    }
    
    private func loadCertificates() {
      // Load the P12 identity package from the bundle
      if let identityURL = Bundle.main.url(forResource: "localhost", withExtension: "p12") {
        print("indentityUrl \(identityURL)");
        identity = CertificateIdentity(p12URL: identityURL, passphrase: "test")
      }

      // Load the Certificate Authority certificate from the bundle
      if let caCertificateURL = Bundle.main.url(forResource: "ca", withExtension: "der") {
        caCertificate = Certificate(derURL: caCertificateURL)
      }

      // We want to override the default SSL handshake. We aren't using a trusted root
      // certificate authority and the hostname doesn't match the common name of the certificate.
      if let caCertificate = caCertificate {
        tlsPolicy = TLSPolicy(commonName: "localhost", certificates: [caCertificate])
      }
    }
}

guzishiwo avatar Nov 11 '21 11:11 guzishiwo

I have solved. WKwebview need trust

    func webView(_ webView: WKWebView, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        
        if let serverTrust = challenge.protectionSpace.serverTrust {
            let credential = URLCredential(trust: serverTrust)
            completionHandler(.useCredential, credential)
        }else{
            completionHandler(.useCredential, nil)
        }
    }

dot-wei2021 avatar Nov 12 '21 02:11 dot-wei2021

Hi, sorry I haven't been really active in this project. Glad you found the solution.

Certificates can only be trusted if they have been issued by one of the trusted certificate authorities. Otherwise you need to explicitly trust the certificate on the client, like you did in your code.

In the demo app we do this using these lines: https://github.com/Building42/Telegraph/blob/main/Examples/Demo/TelegraphDemo.swift#L213

yvbeek avatar Aug 12 '22 21:08 yvbeek