带有 SSL 客户端证书的 iPhone 应用程序 [英] IPhone app with SSL client certs

问题描述

我正在构建一个 iphone 应用程序，该应用程序需要使用客户端证书通过 https 访问 Web 服务.如果我将客户端证书(以 pkcs12 格式)放在应用程序包中，我可以将其加载到应用程序中并进行 https 调用(很大程度上要感谢 stackoverflow.com).

I'm building an iphone app that needs to access a web service over https using client certificates. If I put the client cert (in pkcs12 format) in the app bundle, I'm able to load it into the app and make the https call (largely thanks to stackoverflow.com).

但是，我需要一种方法来分发没有任何证书的应用程序，并将其留给用户提供自己的证书.我想我会通过指示用户在 iphone 的配置文件(设置->常规->配置文件)中导入证书来做到这一点，这是通过在 Mail.app 中打开一个 .p12 文件得到的，然后我会访问该项目在我的应用程序中.我希望配置文件中的证书可以通过钥匙串 API 获得，但我想我错了.

However, I need a way to distribute the app without any certs and leave it to the user to provide his own certificate. I thought I would just do that by instructing the user to import the certificate in iphone's profiles (settings->general->profiles), which is what you get by opening a .p12 file in Mail.app and then I would access that item in my app. I would expect that the certificates in profiles are available through the keychain API, but I guess I'm wrong on that.

1) 有没有办法访问我已经在我的应用程序中的 iphone 配置文件中加载的证书?

1) Is there a way to access a certificate that I've already loaded in iphone's profile in my app?

2) 我还有哪些其他选项可以在我的应用中加载用户指定的证书?我唯一能想到的就是提供一些界面，用户可以在其中提供指向他的 .p12 证书的 URL，然后我可以将其加载到应用程序的钥匙串中供以后使用，但这并不完全是用户友好的.我正在寻找允许用户将证书放在手机上(通过电子邮件发送给自己)然后将其加载到我的应用程序中的东西.

2) What other options I have for loading a user specified certificate in my app? The only thing I can come up with is providing some interface where the user can give an URL to his .p12 cerificate, which I can then load into the app's keychain for later use, but thats not exactly user-friednly. I'm looking for something that would allow the user to put the cert on phone (email it to himself) and then load it in my app.

推荐答案

我试过这个:

NSString *thePath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"p12"]; 
NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; 
CFDataRef inPKCS12Data = (CFDataRef)PKCS12Data; 
CFStringRef password = CFSTR("pass"); 
const void *keys[] = { kSecImportExportPassphrase }; 
const void *values[] = { password }; 
CFDictionaryRef optionsDictionary = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL); 
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL); 
SecPKCS12Import(inPKCS12Data, optionsDictionary, &items); 

inPKCS12Data 正确但项目为空.发生了什么?

inPKCS12Data is correct but items is empty. What is happening?

这篇关于带有 SSL 客户端证书的 iPhone 应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！