iphone开发:验证来自https网址的证书信息 [英] iphone development: verify the certificate information from a https url
问题描述
当用户使用网络浏览器(Safari,Chrome,...)连接到https网址,例如:https://encrypted.google.com时,用户就可以获得有关的信息与此类https url相关的证书;也就是说,在连接到网址https://encrypted.google.com的情况下,可以验证以下证书信息:
When a user connects to a "https url", for example: "https://encrypted.google.com", using a web browser (Safari, Chrome, ...), then the user can get information about the certificate related to a such "https url"; that is, in the case of connecting to the url "https://encrypted.google.com", it is possible to verify the following certificate information:
- Equifax安全证书颁发机构
- *。google.com发布者:Google Internet Authority。证书的到期日期。证书是否有效
- 有关证书的更多详细信息,如签名算法,公钥信息,指纹等。
所以,问题是:为了获得上述信息(或者至少知道证书是否有效),有什么正确的Objective C函数调用?
So, the question is: "What are the proper Objective C function calls in order to get the aforementioned information (or at least to know if the certificate is valid)?"
提前致谢,
推荐答案
可以使用NSURLConnection委托方法获取证书信息:
Certificate information can be obtained using NSURLConnection delegate methods:
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
即:
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
BOOL result = [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
NSLog(@"<%p %@: %s line:%d> Result:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (result == YES) ? "YES" : "NO");
return result;
}
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
NSArray *trustedHosts = [NSArray arrayWithObject:@"encrypted.google.com"];
BOOL isAuthMethodServerTrust = [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
NSLog(@"<%p %@: %s line:%d> Result:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (isAuthMethodServerTrust == YES) ? "YES" : "NO");
if (isAuthMethodServerTrust)
{
if ([trustedHosts containsObject:challenge.protectionSpace.host])
{
NSLog(@"<%p %@: %s line:%d> trustedHosts containsObject:challenge.protectionSpace.host", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__);
NSURLCredential* urlCredential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
NSLog(@"<%p %@: %s line:%d> Url credential", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__);
[challenge.sender useCredential:urlCredential forAuthenticationChallenge:challenge];
//Code to verify certificate info
SecTrustRef trustRef = [[challenge protectionSpace] serverTrust];
CFIndex count = SecTrustGetCertificateCount(trustRef);
for (CFIndex i = 0; i < count; i++)
{
SecCertificateRef certRef = SecTrustGetCertificateAtIndex(trustRef, i);
CFStringRef certSummary = SecCertificateCopySubjectSummary(certRef);
CFDataRef certData = SecCertificateCopyData(certRef);
NSLog(@"<%p %@: %s line:%d> Certificate summary:%@", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (NSString*) certSummary);
NSLog(@"<%p %@: %s line:%d> Certificate data:%@", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (NSString*) certData);
CFRelease(certData);
}
}
}
}
这个代码为您提供与https://encrypted.google.com相关的以下信息:
在certSummaryNSString证书的颁发者。
在证书的certData数据中。问题是,目前我不知道如何从这样的数据中提取信息(到期日期,公钥......),所以欢迎任何帮助。
This code gives you the following information related to "https://encrypted.google.com": In the "certSummary" NSString the issuer of the certificate. In the "certData" data of the certificate. The problem is that at present I do not know how extract information from a such data (expiration date, public key, ...), so any help will be welcomed.
这篇关于iphone开发:验证来自https网址的证书信息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
