iPhone:HTTPS客户端证书身份验证 [英] iPhone: HTTPS client cert authentication
问题描述
我在争取客户端证书身份验证。当服务器需要凭据(在这种情况下为证书)时,此方法将从 NSURLConnection 委托调用:
I'm fighting with a client certificate authentication. When a server needs a credential (a certificate in this case), this method is invoked from NSURLConnection delegate:
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
我想从文件加载证书,填写凭据并运行此方法:
I want to load a certificate from a file, fill a credential and run this method:
[[challenge sender] useCredential:[self credential] forAuthenticationChallenge:challenge];
但我不知道如何初始化(或填写) SecIdentityRef 参数。这里是我的代码创建凭证:
But I don't know how to initialize (or fill) a SecIdentityRef parameter. Here is my code that creates the credentials:
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"cer"];
NSData *certData = [[NSData alloc] initWithContentsOfFile:certPath];
SecIdentityRef myIdentity; // ???
SecCertificateRef myCert = SecCertificateCreateWithData(NULL, (CFDataRef)certData);
[certData release];
SecCertificateRef certArray[1] = { myCert };
CFArrayRef myCerts = CFArrayCreate(NULL, (void *)certArray, 1, NULL);
CFRelease(myCert);
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity
certificates:(NSArray *)myCerts
persistence:NSURLCredentialPersistencePermanent];
CFRelease(myCerts);
有人知道如何解决吗?非常感谢。
Does anybody know how to solve it? Thanks.
我终于找到了解决方案,但一个新问题在这里:
I've finally found the solution, but a new problem is here:
我的客户端不将证书发送到服务器。在服务器请求证书后,应用程序运行此方法:
my client doesn't send the certificate to the server. After the server asks for the certificate, the application runs this method:
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
并且我填写凭证以错误结尾: NSURLErrorDomain -1206 。根据服务器日志,客户端证书不是由应用程序发送的。
and I fill the credential (like I mentioned above), but the connection ends with an error: NSURLErrorDomain -1206. According to the server logs the client certificate is not sent by the application.
有任何人有这种行为的经验吗?我需要以某种方式验证应用程序中的证书吗?还是别的什么让它工作?我可以提供我当前的代码,如果它有帮助。感谢任何想法...
Has anybody any experience with this behaviour? Do I need to somehow verify the certificate in the application? Or anything else to make it work? I can provide my current code if it helps. Thanks for any ideas...
推荐答案
我使用这些步骤:
- 使用SecPKCS12Import函数从pkcs12证书文件中提取SecIdentityRef
- 使用SecIdentityCopyCertificate函数获取SecCertificateRef
和其余(一个凭证初始化)是相同的,在我的问题...我可以把这里更多的代码,如果你想要的。请注意,在iPhone中有一个错误( http://openradar.appspot.com/7090030 )模拟器,因此不可能在模拟器中使用大量的证书。
and the rest (a credential initialization) is the same as in my question... I can put here more code if you want. Note that there is a bug (http://openradar.appspot.com/7090030) in the iphone simulator, so it is not possible to work with a lot of certifcates in the simulator.
这篇关于iPhone:HTTPS客户端证书身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!