无法在iOS应用程序中将客户端证书发送到服务器
我正尝试使用证书与服务器建立SSL连接。服务器证书的比对验证已经可以正常工作,但是在将客户端证书发送到服务器时遇到了问题。
请大家帮忙解决,提前致谢。
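// Issues the authenticated request and shows the response (or the error) in the text view.
// The endpoint was redacted in the original post; substitute the real HTTPS URL here.
NSString *urlString = @"—";
NSMutableURLRequest *req = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:urlString]];
// ACCESS_TOKEN_VALUE is a placeholder. The header is only transmitted once the TLS
// handshake has been accepted by the session delegate's challenge handling.
[req setValue:@"ACCESS_TOKEN_VALUE" forHTTPHeaderField:@"ACCESSTOKEN"];

NSURLSessionDataTask *task =
    [self.urlSession dataTaskWithRequest:req
                       completionHandler:^(NSData * _Nullable data,
                                           NSURLResponse * _Nullable response,
                                           NSError * _Nullable error) {
        // UIKit may only be touched on the main queue.
        dispatch_async(dispatch_get_main_queue(), ^{
            [self.activityIndicator stopAnimating];
            if (error == nil && data != nil) {
                self.textView.text = [[NSString alloc] initWithData:data
                                                           encoding:NSASCIIStringEncoding];
                self.textView.textColor = [UIColor blackColor];
            } else {
                self.textView.text = error.description;
                self.textView.textColor = [UIColor redColor];
                NSLog(@"ISSUE:%@", error);
            }
        });
    }];
// A data task is created suspended; nothing is sent until it is resumed.
[task resume];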
#pragma mark - NSURLSession delegate
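// Answers session-level authentication challenges.
//
// - Client-certificate challenges are answered with the credential from -getClientCredential.
// - Server-trust challenges are accepted only when the chain evaluates as trusted for the
//   requested host AND the leaf certificate is byte-identical to the bundled
//   "server-public.cer" (certificate pinning).
// - Every other authentication method is left to the system's default handling.
//
// completionHandler is invoked exactly once on every path.
- (void)URLSession:(NSURLSession *)session
    didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
      completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler {
    NSString *method = challenge.protectionSpace.authenticationMethod;
    NSLog(@"challenge: %@", method);

    // Compare string contents; pointer equality (==) on NSString is not reliable.
    if ([method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        NSURLCredential *credential = [self getClientCredential];
        if (credential != nil) {
            completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
        } else {
            // Without an identity (certificate + private key) there is nothing to present.
            completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        }
        // Return here: falling through would call completionHandler a second time and
        // would touch serverTrust, which is only populated for server-trust challenges.
        return;
    }

    if (![method isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }

    SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
    if (serverTrust == NULL) {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }

    // Load the pinned certificate shipped in the bundle (expected to be DER encoded).
    NSString *pathToCert = [[NSBundle mainBundle] pathForResource:@"server-public" ofType:@"cer"];
    NSData *localCertificate = pathToCert ? [NSData dataWithContentsOfFile:pathToCert] : nil;
    SecCertificateRef pinnedCertificate =
        localCertificate ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)localCertificate) : NULL;
    if (pinnedCertificate == NULL) {
        // Fail closed: with no usable pin there is nothing to compare against.
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }

    // Evaluate against the TLS server policy so the hostname is checked.
    SecPolicyRef sslPolicy = SecPolicyCreateSSL(true, (__bridge CFStringRef)challenge.protectionSpace.host);
    if (sslPolicy == NULL) {
        CFRelease(pinnedCertificate);
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }
    SecTrustSetPolicies(serverTrust, sslPolicy);
    CFRelease(sslPolicy);

    // Trust the bundled certificate as an additional anchor. This lets a self-signed or
    // privately issued server certificate pass evaluation while hostname and validity-period
    // checks stay in force. It replaces forcing the result to YES and installing
    // SecTrustCopyExceptions(), which accepted every recoverable failure (expired
    // certificate, wrong host, unknown issuer) and left the pin as the only check.
    NSArray *anchors = @[ (__bridge id)pinnedCertificate ];
    CFRelease(pinnedCertificate);  // the array now holds its own reference
    SecTrustSetAnchorCertificates(serverTrust, (__bridge CFArrayRef)anchors);
    SecTrustSetAnchorCertificatesOnly(serverTrust, false);  // keep the system roots as well

    // NOTE(review): SecTrustEvaluate is deprecated on current SDKs in favour of
    // SecTrustEvaluateWithError (iOS 12+); kept here to match the original deployment target.
    SecTrustResultType result = kSecTrustResultInvalid;
    OSStatus status = SecTrustEvaluate(serverTrust, &result);
    BOOL certificateIsValid = (status == errSecSuccess) &&
        (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);

    // Read the leaf only after evaluation; the returned reference is not owned by us.
    SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, 0);
    NSData *remoteCertificateData =
        certificate ? CFBridgingRelease(SecCertificateCopyData(certificate)) : nil;

    if (certificateIsValid && [remoteCertificateData isEqualToData:localCertificate]) {
        NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
        completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
    } else {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
    }
}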
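// Builds the credential used to answer a client-certificate challenge.
//
// The server only accepts a client certificate together with proof of possession of its
// private key, so the credential must wrap a SecIdentityRef (certificate + private key).
// A SecCertificateRef created from a .cer file is not an identity and must not be cast to
// one; that is why the identity is taken from the PKCS#12 import in -getClientCertificate.
//
// Returns nil when no identity could be loaded.
- (NSURLCredential *)getClientCredential {
    // Not released here: -getClientCertificate does not transfer ownership to the caller.
    SecIdentityRef myIdentity = [self getClientCertificate];
    if (myIdentity == NULL) {
        NSLog(@"No client identity available for the client-certificate challenge.");
        return nil;
    }

    // `certificates` is for intermediate certificates only; the leaf is already part of the
    // identity. Session persistence is enough because the identity is re-read on every
    // challenge, so nothing needs to be stored permanently.
    return [NSURLCredential credentialWithIdentity:myIdentity
                                      certificates:nil
                                       persistence:NSURLCredentialPersistenceForSession];
}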
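// Kept for existing callers. A DER certificate (.cer) carries only the public key, so it
// cannot be turned into a SecIdentityRef; the previous implementation returned a
// SecCertificateRef through a SecIdentityRef-typed variable. Forward to the PKCS#12 import,
// which is the only source of a real identity in this class.
- (SecIdentityRef)getClientCertificateWithCer {
    return [self getClientCertificate];
}

// Imports the bundled client identity (certificate + private key) from PKCS#12 data.
//
// Returns NULL when the resource is missing, is not PKCS#12, or contains no identity.
// The returned reference is autoreleased; the caller must not CFRelease it.
//
// NOTE(review): the resource is named "client-public.cer", but SecPKCS12Import needs a
// PKCS#12 (.p12/.pfx) container that includes the private key. A public .cer file will
// always fail to import here; confirm which file is actually bundled.
// NOTE(review): a PKCS#12 file shipped in the app bundle with an empty or hard-coded
// passphrase lets anyone holding the app package recover the client private key. Prefer
// provisioning the identity per device or user and keeping it in the keychain.
- (SecIdentityRef)getClientCertificate {
    NSString *thePath = [[NSBundle mainBundle] pathForResource:@"client-public" ofType:@"cer"];
    NSData *PKCS12Data = thePath ? [[NSData alloc] initWithContentsOfFile:thePath] : nil;
    if (PKCS12Data == nil) {
        NSLog(@"Error opening Certificate.");
        return NULL;
    }

    NSDictionary *options = @{ (__bridge id)kSecImportExportPassphrase : @"" };

    // SecPKCS12Import allocates the result array, so start from NULL instead of
    // pre-creating an array that would be overwritten and leaked.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)PKCS12Data,
                                             (__bridge CFDictionaryRef)options,
                                             &items);

    SecIdentityRef identityApp = NULL;
    if (securityError == errSecSuccess && items != NULL && CFArrayGetCount(items) > 0) {
        NSLog(@"Success opening p12 certificate. Items: %ld", (long)CFArrayGetCount(items));
        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
        SecIdentityRef found =
            (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
        if (found != NULL) {
            // The dictionary owns `found`; retain it so it survives releasing `items`,
            // and autorelease so callers keep the original non-owning contract.
            identityApp = (SecIdentityRef)CFAutorelease(CFRetain(found));
        }
    } else {
        NSLog(@"Error opening Certificate. OSStatus: %d", (int)securityError);
    }

    if (items != NULL) {
        CFRelease(items);
    }
    return identityApp;
}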