# Security Options

RealHTTP offers several options to integrate security options both for client and per requests.  
Moreover you can implement your own schema and set it easily.

- [Security Options](#security-options)
  - [Configure security (SSL/TSL)](#configure-security-ssltsl)
  - [Self-Signed Certificates](#self-signed-certificates)

## Configure security (SSL/TSL)

To assign a security settings set `.security` property of `HTTPClient` (global) or `HTTPRequest` (single request); passed objects must be conform to the `HTTPSecurityService` protocol which expose a challenge request.

RealHTTP has some bundled options for security:
- `acceptSelfSigned`: accept any self-signed certificate **(you should never set it in production)**
- `credentials`: setup a custom callback function to perform authentication challange with the `URLSession`'s AuthenticationCredentials
- `certs`: allows SSL pinning with one or more instances of `SSLCertificate` objects.
- `bundledCerts`: allows SSL pinning with certificates contained inside the specified directory.
- `custom`; allows to set a custom `HTTPSecurityService` conform object which handle the authentication challenge.

This is an example of SSL pinning:

```swift
// Load two certificates...
let cert1 = SSLCertificate(data: someData) // ... from some Data
let cert2 = SSLCertificate(fileURL: certFile) // ... from a file

// Then assign to the request (or client)
req.security = .certs([cert1, cert2], true) // true mean allowsPublicKeys
```

You load either a `Data` blob of your certificate or you can use a `SecKeyRef` if you have a public key you want to use. The `usePublicKeys` bool is whether to use the certificates for validation or the public keys.  
The public keys will be extracted from the certificates automatically if `usePublicKeys` is choosen.

This is an example of using `URLCredentials` authentication:

```swift
req.security = credentials.({
    URLCredential(user: "user", password: "password", persistence: .forSession)
})
```

## Self-Signed Certificates

Sometimes you may want to allows all certificates, especially in development environment.  
This is the way to accomplish it.

```swift
 req.security = .acceptSelfSigned // per request
 client.security = .acceptSelfSigned // per client
```

> **NOTE:** request's settings always override default client settings.