Unable to Send Client Certificate to iOS application
I am trying to SSL connection with server with certificates. I am able to compare server certificate validation. But I am facing issue while sending client certificate to Server.
Some one please help in issue. Thanks in Advance.
NSString * urlString = @“—“-;
NSMutableURLRequest * req = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:urlString]];
[req setValue:@“ACCESS_TOKEN_VALUE” forHTTPHeaderField:@"ACCESSTOKEN"];
[[self.urlSession dataTaskWithRequest:req completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) { dispatch_async(dispatch_get_main_queue(), ^{ [self.activityIndicator stopAnimating]; if (!error) { self.textView.text = [[NSString alloc]initWithData:data encoding:NSASCIIStringEncoding]; self.textView.textColor = [UIColor blackColor]; } else { self.textView.text = error.description; self.textView.textColor = [UIColor redColor]; NSLog(@"ISSUE : %@", error); } }); }]resume] ;
pragma mark - NSURLSession delegate
-(void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler {
NSLog(@"challenge: %@",challenge.protectionSpace.authenticationMethod);
SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, 0);
NSMutableArray *policies = [NSMutableArray array];
[policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)challenge.protectionSpace.host)];
SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies);
SecTrustResultType result;
SecTrustEvaluate(serverTrust, &result);
BOOL certificateIsValid = (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
certificateIsValid = YES;
if (result == kSecTrustResultRecoverableTrustFailure)
{
CFDataRef errDataRef = SecTrustCopyExceptions(serverTrust);
SecTrustSetExceptions(serverTrust, errDataRef);
SecTrustEvaluate(serverTrust, &result);
}
// Get local and remote cert data
NSData *remoteCertificateData = CFBridgingRelease(SecCertificateCopyData(certificate));
NSString *pathToCert = [[NSBundle mainBundle]pathForResource:@"server-public" ofType:@"cer"];
NSData *localCertificate = [NSData dataWithContentsOfFile:pathToCert];
if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate)
{
NSURLCredential *credential = [self getClientCredential];
NSLog(@"Client ceertifiate %@",credential);
completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
}
if ([remoteCertificateData isEqualToData:localCertificate] && certificateIsValid) {
NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
} else {
completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, NULL);
}
}
-(NSURLCredential *)getClientCredential { NSString *certPath = [[NSBundle mainBundle] pathForResource:@"client-public" ofType:@"cer"]; NSData *certData = [[NSData alloc] initWithContentsOfFile:certPath];
SecIdentityRef myIdentity = [self getClientCertificateWithCer]; // ???
SecCertificateRef myCert = SecCertificateCreateWithData(NULL, (CFDataRef)certData);
SecCertificateRef certArray[1] = { myCert };
CFArrayRef myCerts = CFArrayCreate(NULL, (void *)certArray, 1, NULL);
NSArray * cArr = (__bridge NSArray *)myCerts;
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity
certificates:cArr persistence:NSURLCredentialPersistencePermanent];
return credential;
}
-(SecIdentityRef)getClientCertificateWithCer { SecIdentityRef identityApp = nil; NSString *thePath = [[NSBundle mainBundle] pathForResource:@"client-public" ofType:@"cer"]; NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data; identityApp = SecCertificateCreateWithData(kCFAllocatorDefault, inPKCS12Data); return identityApp; } - (SecIdentityRef)getClientCertificate { SecIdentityRef identityApp = nil; NSString *thePath = [[NSBundle mainBundle] pathForResource:@"client-public" ofType:@"cer"]; NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data; CFStringRef password = CFSTR(""); const void *keys[] = { kSecImportExportPassphrase }; const void *values[] = { password }; CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL); CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
OSStatus securityError = SecPKCS12Import(inPKCS12Data, options, &items);
if (securityError == errSecSuccess) {
NSLog(@"Success opening p12 certificate. Items: %ld", CFArrayGetCount(items));
CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
} else {
NSLog(@"Error opening Certificate.");
}
return identityApp;
}
链接地址: http://www.djcxy.com/p/81916.html上一篇: 核心文本中的行间距如何工作? (为什么它不同于NSLayoutManager?)
下一篇: 无法将客户端证书发送到iOS应用程序