RealHTTP offers several options to integrate security options both for client and per requests.
Moreover you can implement your own schema and set it easily.
To assign a security settings set .security property of HTTPClient (global) or HTTPRequest (single request); passed objects must be conform to the HTTPSecurityService protocol which expose a challenge request.
RealHTTP has some bundled options for security:
acceptSelfSigned: accept any self-signed certificate (you should never set it in production)credentials: setup a custom callback function to perform authentication challange with theURLSession's AuthenticationCredentialscerts: allows SSL pinning with one or more instances ofSSLCertificateobjects.bundledCerts: allows SSL pinning with certificates contained inside the specified directory.custom; allows to set a customHTTPSecurityServiceconform object which handle the authentication challenge.
This is an example of SSL pinning:
// Load two certificates...
let cert1 = SSLCertificate(data: someData) // ... from some Data
let cert2 = SSLCertificate(fileURL: certFile) // ... from a file
// Then assign to the request (or client)
req.security = .certs([cert1, cert2], true) // true mean allowsPublicKeysYou load either a Data blob of your certificate or you can use a SecKeyRef if you have a public key you want to use. The usePublicKeys bool is whether to use the certificates for validation or the public keys.
The public keys will be extracted from the certificates automatically if usePublicKeys is choosen.
This is an example of using URLCredentials authentication:
req.security = credentials.({
URLCredential(user: "user", password: "password", persistence: .forSession)
})Sometimes you may want to allows all certificates, especially in development environment.
This is the way to accomplish it.
req.security = .acceptSelfSigned // per request
client.security = .acceptSelfSigned // per clientNOTE: request's settings always override default client settings.