iPhone app with SSL client certs


Question

I'm building an iPhone app that needs to access a web service over https using client certificates. If I put the client cert (in pkcs12 format) in the app bundle, I'm able to load it into the app and make the https call (largely thanks to stackoverflow.com).

However, I need a way to distribute the app without any certs and leave it to the user to provide his own certificate. I thought I would just do that by instructing the user to import the certificate in iPhone's profiles (settings->general->profiles), which is what you get by opening a .p12 file in Mail.app, and then I would access that item in my app. I would expect that the certificates in profiles are available through the keychain API, but I guess I'm wrong on that.

1) Is there a way to access a certificate that I've already loaded in iPhone's profile in my app?

2) What other options do I have for loading a user-specified certificate in my app? The only thing I can come up with is providing some interface where the user can give a URL to his .p12 certificate, which I can then load into the app's keychain for later use, but that's not exactly user-friendly. I'm looking for something that would allow the user to put the cert on the phone (email it to himself) and then load it in my app.

Recommended answer

I've done this for a recent app by making the documents folder for the app accessible via iTunes. Our users are then instructed to drag their generated key (in a p12 format file) into the documents panel for our app in iTunes. When the app is started, it checks for the existence of the p12 file and, if it exists, imports the file into the keychain.

It's not the simplest procedure, but it is the most secure because you don't have a private key file being sent around via email.
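
The startup check described in the answer above, written in Swift as an added example (not the answerer's code). It assumes iTunes file sharing is enabled with `UIFileSharingEnabled` in Info.plist and that the app asks the user for the .p12 passphrase; the names `pendingP12`, `importIdentity` and the keychain label are hypothetical, and deleting the file after a successful import is an added step so the private key does not stay in the shared Documents folder.

```swift
import Foundation
import Security

enum P12ImportError: Error {
    case unreadable
    case importFailed(OSStatus)    // e.g. errSecAuthFailed for a wrong passphrase
    case noIdentity
    case keychainFailed(OSStatus)
}

/// Returns the first .p12 file the user dropped into Documents, if any.
func pendingP12() -> URL? {
    let fm = FileManager.default
    let docs = fm.urls(for: .documentDirectory, in: .userDomainMask)[0]
    let files = (try? fm.contentsOfDirectory(at: docs, includingPropertiesForKeys: nil)) ?? []
    return files.first { $0.pathExtension.lowercased() == "p12" }
}

/// Imports the identity (certificate + private key) into the app's keychain.
func importIdentity(from url: URL, passphrase: String, label: String) throws {
    guard let data = try? Data(contentsOf: url) else { throw P12ImportError.unreadable }

    // Decrypt the PKCS#12 container; nothing is stored in the keychain yet.
    var items: CFArray?
    let options = [kSecImportExportPassphrase as String: passphrase] as CFDictionary
    let status = SecPKCS12Import(data as CFData, options, &items)
    guard status == errSecSuccess else { throw P12ImportError.importFailed(status) }

    guard let first = (items as? [[String: Any]])?.first,
          let ref = first[kSecImportItemIdentity as String] else {
        throw P12ImportError.noIdentity
    }
    let identity = ref as! SecIdentity   // CF type: the cast cannot fail once the key exists

    // Persist the identity; keep it off backups and other devices.
    let add: [String: Any] = [
        kSecValueRef as String: identity,
        kSecAttrLabel as String: label,   // hypothetical label, used to find it later
        kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlockedThisDeviceOnly
    ]
    let addStatus = SecItemAdd(add as CFDictionary, nil)
    guard addStatus == errSecSuccess || addStatus == errSecDuplicateItem else {
        throw P12ImportError.keychainFailed(addStatus)
    }

    // Added step: remove the key file once it is safely in the keychain.
    try fm_remove(url)
}

private func fm_remove(_ url: URL) throws { try FileManager.default.removeItem(at: url) }
```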
