I am trying to SSL connection with server with certificates. I am able to compare server certificate validation. But I am facing issue while sending client certificate to Server.

Some one please help in issue. Thanks in Advance.

NSString * urlString = @“—“-;
NSMutableURLRequest * req = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:urlString]];
[req setValue:@“ACCESS_TOKEN_VALUE” forHTTPHeaderField:@"ACCESSTOKEN"];

[[self.urlSession dataTaskWithRequest:req completionHandler:^(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error) { dispatch_async(dispatch_get_main_queue(), ^{ [self.activityIndicator stopAnimating]; if (!error) { self.textView.text = [[NSString alloc]initWithData:data encoding:NSASCIIStringEncoding]; self.textView.textColor = [UIColor blackColor]; } else { self.textView.text = error.description; self.textView.textColor = [UIColor redColor]; NSLog(@"ISSUE : %@", error); } }); }]resume] ;

pragma mark - NSURLSession delegate

-(void)URLSession:(NSURLSession *)session didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential * _Nullable))completionHandler {

NSLog(@"challenge: %@",challenge.protectionSpace.authenticationMethod);
SecTrustRef serverTrust = challenge.protectionSpace.serverTrust;
SecCertificateRef certificate = SecTrustGetCertificateAtIndex(serverTrust, 0);


NSMutableArray *policies = [NSMutableArray array];
[policies addObject:(__bridge_transfer id)SecPolicyCreateSSL(true, (__bridge CFStringRef)challenge.protectionSpace.host)];
SecTrustSetPolicies(serverTrust, (__bridge CFArrayRef)policies);


SecTrustResultType result;
SecTrustEvaluate(serverTrust, &result);
BOOL certificateIsValid = (result == kSecTrustResultUnspecified || result == kSecTrustResultProceed);
certificateIsValid = YES;
if (result == kSecTrustResultRecoverableTrustFailure)
{
    CFDataRef errDataRef = SecTrustCopyExceptions(serverTrust);
    SecTrustSetExceptions(serverTrust, errDataRef);
    SecTrustEvaluate(serverTrust, &result);

}
// Get local and remote cert data
NSData *remoteCertificateData = CFBridgingRelease(SecCertificateCopyData(certificate));
 NSString *pathToCert = [[NSBundle mainBundle]pathForResource:@"server-public" ofType:@"cer"];
NSData *localCertificate = [NSData dataWithContentsOfFile:pathToCert];

if (challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodClientCertificate)
{
    NSURLCredential *credential = [self getClientCredential];
    NSLog(@"Client ceertifiate %@",credential);
    completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
}

if ([remoteCertificateData isEqualToData:localCertificate] && certificateIsValid) {
    NSURLCredential *credential = [NSURLCredential credentialForTrust:serverTrust];
    completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
} else {

      completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, NULL);
}

}

-(NSURLCredential *)getClientCredential { NSString *certPath = [[NSBundle mainBundle] pathForResource:@"client-public" ofType:@"cer"]; NSData *certData = [[NSData alloc] initWithContentsOfFile:certPath];

SecIdentityRef myIdentity  = [self getClientCertificateWithCer]; // ???

SecCertificateRef myCert = SecCertificateCreateWithData(NULL, (CFDataRef)certData);
SecCertificateRef certArray[1] = { myCert };
CFArrayRef myCerts = CFArrayCreate(NULL, (void *)certArray, 1, NULL);
NSArray * cArr = (__bridge NSArray *)myCerts;
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity
                                                         certificates:cArr persistence:NSURLCredentialPersistencePermanent];
return credential;

}

-(SecIdentityRef)getClientCertificateWithCer { SecIdentityRef identityApp = nil; NSString *thePath = [[NSBundle mainBundle] pathForResource:@"client-public" ofType:@"cer"]; NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data; identityApp = SecCertificateCreateWithData(kCFAllocatorDefault, inPKCS12Data); return identityApp; } - (SecIdentityRef)getClientCertificate { SecIdentityRef identityApp = nil; NSString *thePath = [[NSBundle mainBundle] pathForResource:@"client-public" ofType:@"cer"]; NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data; CFStringRef password = CFSTR(""); const void *keys[] = { kSecImportExportPassphrase }; const void *values[] = { password }; CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL); CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);

OSStatus securityError = SecPKCS12Import(inPKCS12Data, options, &items);

if (securityError == errSecSuccess) {
    NSLog(@"Success opening p12 certificate. Items: %ld", CFArrayGetCount(items));
    CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
    identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
} else {
    NSLog(@"Error opening Certificate.");
}
return identityApp;

}

链接地址: http://www.djcxy.com/p/81916.html

上一篇: 核心文本中的行间距如何工作？ （为什么它不同于NSLayoutManager？）

下一篇: 无法将客户端证书发送到iOS应用程序