带有 SSL 客户端证书的 iPhone 应用程序 [英] IPhone app with SSL client certs
问题描述
我正在构建一个 iphone 应用程序,该应用程序需要使用客户端证书通过 https 访问 Web 服务.如果我将客户端证书(以 pkcs12 格式)放在应用程序包中,我可以将其加载到应用程序中并进行 https 调用(很大程度上要感谢 stackoverflow.com).
I'm building an iphone app that needs to access a web service over https using client certificates. If I put the client cert (in pkcs12 format) in the app bundle, I'm able to load it into the app and make the https call (largely thanks to stackoverflow.com).
但是,我需要一种方法来分发没有任何证书的应用程序,并将其留给用户提供自己的证书.我想我会通过指示用户在 iphone 的配置文件(设置->常规->配置文件)中导入证书来做到这一点,这是通过在 Mail.app 中打开一个 .p12 文件得到的,然后我会访问该项目在我的应用程序中.我希望配置文件中的证书可以通过钥匙串 API 获得,但我想我错了.
However, I need a way to distribute the app without any certs and leave it to the user to provide his own certificate. I thought I would just do that by instructing the user to import the certificate in iphone's profiles (settings->general->profiles), which is what you get by opening a .p12 file in Mail.app and then I would access that item in my app. I would expect that the certificates in profiles are available through the keychain API, but I guess I'm wrong on that.
1) 有没有办法访问我已经在我的应用程序中的 iphone 配置文件中加载的证书?
1) Is there a way to access a certificate that I've already loaded in iphone's profile in my app?
2) 我还有哪些其他选项可以在我的应用中加载用户指定的证书?我唯一能想到的就是提供一些界面,用户可以在其中提供指向他的 .p12 证书的 URL,然后我可以将其加载到应用程序的钥匙串中供以后使用,但这并不完全是用户友好的.我正在寻找允许用户将证书放在手机上(通过电子邮件发送给自己)然后将其加载到我的应用程序中的东西.
2) What other options I have for loading a user specified certificate in my app? The only thing I can come up with is providing some interface where the user can give an URL to his .p12 cerificate, which I can then load into the app's keychain for later use, but thats not exactly user-friednly. I'm looking for something that would allow the user to put the cert on phone (email it to himself) and then load it in my app.
推荐答案
我试过这个:
NSString *thePath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"p12"];
NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath];
CFDataRef inPKCS12Data = (CFDataRef)PKCS12Data;
CFStringRef password = CFSTR("pass");
const void *keys[] = { kSecImportExportPassphrase };
const void *values[] = { password };
CFDictionaryRef optionsDictionary = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
SecPKCS12Import(inPKCS12Data, optionsDictionary, &items);
inPKCS12Data 正确但项目为空.发生了什么?
inPKCS12Data is correct but items is empty. What is happening?
这篇关于带有 SSL 客户端证书的 iPhone 应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!