我们可以在IOS SDK iphone中检索序列号，发行者DN，x509证书的主题详细信息吗? [英] Can we retrieve Serial No, Issuer DN, Subject Details of a x509 Certificate in IOS SDK iphone

问题描述

我们可以使用ios sdk或Openssl检索X509证书详细信息(序列号，颁发者DN，主题详细信息)吗?

Can we retrieve X509 Certificate details(Serial No, Issuer DN, Subject Details) using ios sdk or Openssl?

推荐答案

不幸的是，在iOS上，安全框架无法像在OSX上那样为您提供对序列号，DN和altName的完全相同的访问权限.

Unfortunately on iOS the Security framework does not give you quite the same level of access to serial numbers, DN and altNames as one gets on OSX.

但是，您可以访问原始格式的DER证书(SecIdentityCopyCertificate())，并具有一些诸如SecCertificateCopySubjectSummary()之类的粗略功能，以提取最少的内容.

You are however able to get access to the DER certificate in its raw form (SecIdentityCopyCertificate()) and have a few cursory functions like SecCertificateCopySubjectSummary() to extract the most minimal stuff.

如果要获取序列号. DN和(alt)主题-那么您必须在当今的iOS上解析DER.一种相当简单的方法是为此使用OpenSSL.

If you want to get at the serial. DN and (alt)subject - then you'll have to parse the DER on todays iOS. A fairly easy way is to use OpenSSL for that.

我发现 http://atastypixel.com /blog/easy-inclusion-of-openssl-into-iphone-app-projects/易于安装/使用.

I found http://atastypixel.com/blog/easy-inclusion-of-openssl-into-iphone-app-projects/ easy to install/use.

一旦安装好，就可以检查DER:

Once you have that in place you can examine the DER:

CFDataRef der = SecCertificateCopyData(cert);
const unsigned char * ptr = CFDataGetBytePtr(der);
int len = CFDataGetLength(der);

d2i_X509(&x509,&ptr,len);    
_sha1 = [(__bridge NSData *)der sha1];

然后您将参加以下比赛:

and then you are off to the races with things like:

X509_NAME * names_s = X509_get_subject_name(x509);
X509_NAME * names_i = X509_get_issuer_name(x509);
GENERAL_NAMES * subjects = X509_get_ext_d2i( x509, NID_subject_alt_name, 0, 0 );

ASN1_INTEGER *serial = X509_get_serialNumber(x509);
unsigned  long s = ASN1_INTEGER_get(serial);

根据需要对所有内容进行了一些痛苦的翻译:

with a somewhat painful translation of all that as needed:

+(NSArray *)names:(GENERAL_NAMES *)sANs {

int i, numAN = sk_GENERAL_NAME_num( sANs );
NSMutableArray * out = [NSMutableArray arrayWithCapacity:numAN];

for( i = 0; i < numAN; ++i ) {
    GENERAL_NAME *sAN = sk_GENERAL_NAME_value( sANs, i );

    if( sAN->type == GEN_DNS) {
        unsigned char *dns;
        int len = ASN1_STRING_to_UTF8( &dns, sAN->d.dNSName );
        if (len >0) {
            [out addObject:[[NSString alloc] initWithData:[NSData dataWithBytes:dns length:len] encoding:NSUTF8StringEncoding]];
            OPENSSL_free( dns );
        }
    }
    .. more types as needed ..
}
return out;
}

谢谢

Dw.

这篇关于我们可以在IOS SDK iphone中检索序列号，发行者DN，x509证书的主题详细信息吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！