无法将客户端证书发送到iOS应用程序

 

我正尝试使用证书与服务器进行SSL连接。 我能够比较服务器证书验证。 但是,我将客户端证书发送到服务器时遇到问题。

有人请帮忙解决。 提前致谢。 

NSString * urlString = @“—“-;
NSMutableURLRequest * req = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:urlString]];
[req setValue:@“ACCESS_TOKEN_VALUE” forHTTPHeaderField:@"ACCESSTOKEN"];

[self.urlSession dataTaskWithRequest:req completionHandler:^(NSData * _Nullable data,NSURLResponse * _Nullable response,NSError * _Nullable error){dispatch_async(dispatch_get_main_queue(),^ {[self.activityIndi​​cator stopAnimating]; if(!error){self .textView.text = [[NSString alloc] initWithData:data encoding:NSASCIIStringEncoding]; self.textView.textColor = [UIColor blackColor];} else {self.textView.text = error.description; self.textView.textColor = [UIColor redColor]; NSLog(@“ISSUE:%@”,error);}}); }]恢复] ;

编译标记 - NSURLSession委托

- (void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler :( void(^)(NSURLSessionAuthChallengeDisposition,NSURLCredential * _Nullable))completionHandler { 

NSLog(@"challenge: %@",challenge.protectionSpace.authenticationMethod);
SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, 0);


NSMutableArray *policies = [NSMutableArray array];
[policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)challenge.protectionSpace.host)];
SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies);


SecTrustResultType result;
SecTrustEvaluate(serverTrust, &result);
BOOL certificateIsValid = (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
certificateIsValid = YES;
if (result == kSecTrustResultRecoverableTrustFailure)
{
    CFDataRef errDataRef = SecTrustCopyExceptions(serverTrust);
    SecTrustSetExceptions(serverTrust, errDataRef);
    SecTrustEvaluate(serverTrust, &result);

}
// Get local and remote cert data
NSData *remoteCertificateData = CFBridgingRelease(SecCertificateCopyData(certificate));
 NSString *pathToCert = [[NSBundle mainBundle]pathForResource:@"server-public" ofType:@"cer"];
NSData *localCertificate = [NSData dataWithContentsOfFile:pathToCert];

if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate)
{
    NSURLCredential *credential = [self getClientCredential];
    NSLog(@"Client ceertifiate %@",credential);
    completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
}

if ([remoteCertificateData isEqualToData:localCertificate] && certificateIsValid) {
    NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
    completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
} else {

      completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, NULL);
}

}

- (NSURLCredential *)getClientCredential {NSString * certPath = [[NSBundle mainBundle] pathForResource:@“client-public”ofType:@“cer”]; NSData * certData = [[NSData alloc] initWithContentsOfFile:certPath]; 

SecIdentityRef myIdentity  = [self getClientCertificateWithCer]; // ???

SecCertificateRef myCert = SecCertificateCreateWithData(NULL, (CFDataRef)certData);
SecCertificateRef certArray[1] = { myCert };
CFArrayRef myCerts = CFArrayCreate(NULL, (void *)certArray, 1, NULL);
NSArray * cArr = (__bridge NSArray *)myCerts;
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity
                                                         certificates:cArr persistence:NSURLCredentialPersistencePermanent];
return credential;

}

- (SecIdentityRef)getClientCertificateWithCer {SecIdentityRef identityApp = nil; NSString * thePath = [[NSBundle mainBundle] pathForResource:@“client-public”ofType:@“cer”]; NSData * PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; CFDataRef inPKCS12Data =(__bridge CFDataRef)PKCS12Data; identityApp = SecCertificateCreateWithData(kCFAllocatorDefault,inPKCS12Data); 返回identityApp; } - (SecIdentityRef)getClientCertificate {SecIdentityRef identityApp = nil; NSString * thePath = [[NSBundle mainBundle] pathForResource:@“client-public”ofType:@“cer”]; NSData * PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; CFDataRef inPKCS12Data =(__bridge CFDataRef)PKCS12Data; CFStringRef password = CFSTR(“”); const void * keys [] = {kSecImportExportPassphrase}; const void * values [] = {password}; CFDictionaryRef options = CFDictionaryCreate(NULL,keys,values,1,NULL,NULL); CFArrayRef items = CFArrayCreate(NULL,0,0,NULL); 

OSStatus securityError = SecPKCS12Import(inPKCS12Data, options, &items);

if (securityError == errSecSuccess) {
    NSLog(@"Success opening p12 certificate. Items: %ld", CFArrayGetCount(items));
    CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
    identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
} else {
    NSLog(@"Error opening Certificate.");
}
return identityApp;

}

链接地址: http://www.djcxy.com/p/81915.html

上一篇: Unable to Send Client Certificate to iOS application

下一篇: OS X El Capitan/macOS Sierra/macOS High Sierra