ios, alamofire5: need an equivalent of curl --key foo.key --cert foo.pem --location --request GET 'https://bar.baz/foo'


Problem description

I've got a private key in addition to a public key to pin certificate.

How would I authenticate to the server?

$ file *
foo.der:         data
foo.private.der: data

derived with openssl from

foo.key: PEM RSA private key
foo.pem: PEM certificate

What I need is an Alamofire equivalent of this:

curl --key foo.key --cert foo.pem --location --request GET 'https://somhostofmine/v1/welcome/'

$ curl --key ./client_key.pem --cert ./client.pem --location --request GET 'https://someurl'
"Hello wold!"

works

$ curl --cert ./client.pem --location --request GET 'https://someurl/v1/welcome/'
curl: (58) unable to set private key file: './client.pem' type PEM

does not

So suggestions to use the certificate itself without the private key do not work.

Are we dealing with certificate pinning here, or given the presence of the private key is this something else going on here?

Recommended answer

  1. packaged the private key and public key into a p12 container using openssl
  2. this was key: Alamofire not evaluating and sending the client certificate

created PKCS12() instance and created URLCredential using that (code in the link above). In alamofire, all you need from the link above is the PKCS12 class and URLCredential extension

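import Foundation
import Security

// Holds the items SecPKCS12Import extracts from a PKCS#12 (.p12) container.
public class PKCS12 {
    let label:String?
    let keyID:NSData?
    let trust:SecTrust?
    // kSecImportItemCertChain is an array of SecCertificate objects.
    let certChain:[SecCertificate]?
    let identity:SecIdentity?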

    public init(PKCS12Data:NSData,password:String)
    {
        let importPasswordOption:NSDictionary = [kSecImportExportPassphrase as NSString:password]
        var items : CFArray?
        let secError:OSStatus = SecPKCS12Import(PKCS12Data, importPasswordOption, &items)

        guard secError == errSecSuccess else {
            if secError == errSecAuthFailed {
                NSLog("ERROR: SecPKCS12Import returned errSecAuthFailed. Incorrect password?")
            }
            fatalError("SecPKCS12Import returned an error trying to import PKCS12 data")
        }

        guard let theItemsCFArray = items else { fatalError()  }
        let theItemsNSArray:NSArray = theItemsCFArray as NSArray
        guard let dictArray = theItemsNSArray as? [[String:AnyObject]] else { fatalError() }

        func f<T>(key:CFString) -> T? {
            for d in dictArray {
                if let v = d[key as String] as? T {
                    return v
                }
            }
            return nil
        }

        self.label = f(key: kSecImportItemLabel)
        self.keyID = f(key: kSecImportItemKeyID)
        self.trust = f(key: kSecImportItemTrust)
        self.certChain = f(key: kSecImportItemCertChain)
        self.identity =  f(key: kSecImportItemIdentity)
    }
}

extension URLCredential {
    public convenience init?(PKCS12 thePKCS12:PKCS12) {
        if let identity = thePKCS12.identity {
            self.init(
                identity: identity,
                certificates: thePKCS12.certChain,
                persistence: URLCredential.Persistence.forSession)
        }
        else { return nil }
    }
}

  3. fed that credential to authenticate(with: urlCredential) per Missing sessionDidReceiveChallenge in Alamofire 5 delegate

That's it.

Hardcoding password into p12 constructor was super ugly. Eww. What's key, I guess, is base64 baking in p12 into code rather than having it as a file prone to ipa patcher attack.
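
Added example, not the answerer's code: steps 2 and 3 of the answer combined into a throwing p12 import plus the Alamofire 5 request, so a wrong passphrase surfaces as an error instead of a fatalError. The function and error names, the bundled file name client.p12 and the passphrase parameter are assumptions; the URL is the placeholder host from the question.

```swift
import Foundation
import Security
import Alamofire

enum ClientIdentityError: Error {
    case importFailed(OSStatus)   // e.g. errSecAuthFailed for a wrong passphrase
    case noIdentity
    case missingFile
}

// Step 2: import the p12 and build the client credential (hypothetical helper).
func clientCredential(p12 data: Data, passphrase: String) throws -> URLCredential {
    let options = [kSecImportExportPassphrase as String: passphrase] as CFDictionary
    var rawItems: CFArray?
    let status = SecPKCS12Import(data as CFData, options, &rawItems)
    guard status == errSecSuccess else { throw ClientIdentityError.importFailed(status) }
    guard let items = rawItems as? [[String: Any]],
          let first = items.first,
          let identityRef = first[kSecImportItemIdentity as String] else {
        throw ClientIdentityError.noIdentity
    }
    let identity = identityRef as! SecIdentity   // CF type, so a forced cast
    // The imported chain starts with the leaf certificate, which the identity
    // already carries; only the remaining intermediates are passed along.
    let chain = first[kSecImportItemCertChain as String] as? [SecCertificate] ?? []
    return URLCredential(identity: identity,
                         certificates: Array(chain.dropFirst()),
                         persistence: .forSession)
}

// Step 3: the curl call from the question. The caller supplies the passphrase
// (for example from the Keychain) so it is not a literal in source.
// Redirects are followed by default, matching curl --location.
func fetchWelcome(passphrase: String) throws {
    guard let url = Bundle.main.url(forResource: "client", withExtension: "p12") else {
        throw ClientIdentityError.missingFile
    }
    let credential = try clientCredential(p12: Data(contentsOf: url), passphrase: passphrase)
    AF.request("https://somhostofmine/v1/welcome/")
        .authenticate(with: credential)   // answers the client-certificate challenge
        .validate()
        .responseString { response in
            debugPrint(response.result)
        }
}
```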
