用于在iOS上运行HTTPS服务器的SSL身份证书 [英] SSL Identity Certificate to run an HTTPS Server on iOS
问题描述
我正在尝试在iOS应用中构建 HTTPS服务器,以便充当我的网络应用和外部服务器之间的代理。
I'm trying to build an HTTPS server in an iOS app, in order to act as a proxy between my web-app and my external server.
我已经设法通过监听套接字来建立HTTP服务器,这要归功于CFSocketRef或使用GCDAsyncSocket库。
我也成功运行了一个运行HTTPS服务器的Mac应用程序,使用GCDAsyncSocket库,并且感谢我的方法secureSocket:,它确保了连接:
I have managed to make an HTTP server by listening to a socket, either thanks to CFSocketRef or using the GCDAsyncSocket library. I have also succeed to make a Mac app running an HTTPS server, using the GCDAsyncSocket library and thanks to my method "secureSocket:" below which secures the connection:
- (void)socket:(GCDAsyncSocket *)sock didAcceptNewSocket:(GCDAsyncSocket *)newSocket
{
// (...)
// secure the connection
[self secureSocket:newSocket];
// (...)
}
- (void)secureSocket:(GCDAsyncSocket *)sock
{
// The root self-signed certificate I have created
NSString *certificatePath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"cer"];
NSData *certData = [[NSData alloc] initWithContentsOfFile:certificatePath];
CFDataRef certDataRef = (CFDataRef)certData;
SecCertificateRef cert = SecCertificateCreateWithData(NULL, certDataRef);
[certData release];
// the "identity" certificate
SecIdentityRef identityRef;
SecIdentityCreateWithCertificate(NULL, cert, &identityRef);
// the certificates array, containing the identity then the root certificate
NSArray *certs = [[NSArray alloc] initWithObjects:(id)identityRef, (id)cert, nil];
// the SSL configuration
NSMutableDictionary *settings = [NSMutableDictionary dictionaryWithCapacity:3];
[settings setObject:[NSNull null] forKey:(NSString *)kCFStreamSSLPeerName];
[settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLAllowsAnyRoot];
[settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLAllowsExpiredRoots];
[settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLAllowsExpiredCertificates];
[settings setObject:[NSNumber numberWithBool:NO] forKey:(NSString *)kCFStreamSSLValidatesCertificateChain];
[settings setObject:(NSString *)kCFStreamSocketSecurityLevelNegotiatedSSL forKey:(NSString*)kCFStreamSSLLevel];
[settings setObject:certs forKey:(NSString *)kCFStreamSSLCertificates];
[settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLIsServer];
[sock startTLS:settings];
[certs release];
}
我使用的证书是我自签名的服务器SSL证书使用Keychain Access创建。
所以我理解我必须给系统一个配置集,其中包含一个包含身份和证书的数组。它在我的Mac应用程序上运行正常。
The certificate I'm using is a self-signed server SSL certificate I have created with Keychain Access. So I understand that I have to give the system a configuration set with an array containing an identity and a certificate. And it works fine on my Mac app.
问题是在我的iOS应用程序的HTTP服务器上启用SSL。
创建身份的方法SecIdentityCreateWithCertificate()在iOS上不存在,我不知道如何以另一种方式创建身份。
The problem is to enable the SSL on the HTTP server of my iOS app. The method "SecIdentityCreateWithCertificate()" which creates the identity doesn't exist on iOS and I don't know how to create an identity another way.
如何在iOS上创建SecIdentityRef(启用SSL服务器端)?我是否遗漏喜欢将公钥/私钥存储在我的应用程序中,还是其他什么?非常感谢你。
How to create an SecIdentityRef on iOS (to enable SSL server side)? Did I miss something like to store the public/private key in my app, or something else? Thank you so much.
推荐答案
我会发一个单独的答案,因为评论不适合代码共享。
以下是我用来导入PKCS12的内容:
I will post a separate answer, as comments are not suitable for code sharing.
Here is what I use to import my PKCS12:
CFArrayRef keyref = NULL;
OSStatus sanityChesk = SecPKCS12Import((__bridge CFDataRef)p12Data,
(__bridge CFDictionaryRef)[NSDictionary
dictionaryWithObject:password
forKey:(__bridge id)kSecImportExportPassphrase],
&keyref);
if (sanityChesk != noErr) {
NSLog(@"Error while importing pkcs12 [%d]", sanityChesk);
return nil;
}
NSArray *keystore = (__bridge_transfer NSArray *)keyref;
完整的p12内容将位于 密钥库 数组。
The complete p12 content will be in the keystore array.
这篇关于用于在iOS上运行HTTPS服务器的SSL身份证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
