iPhone:HTTPS 客户端证书认证

iPhone: HTTPS client cert authentication(iPhone:HTTPS 客户端证书认证)

问题描述

我正在与客户端证书身份验证作斗争.当服务器需要一个凭证(在这种情况下是一个证书)时，这个方法会从 NSURLConnection 委托中调用:

I'm fighting with a client certificate authentication. When a server needs a credential (a certificate in this case), this method is invoked from NSURLConnection delegate:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

我想从文件中加载证书，填写凭据并运行此方法:

I want to load a certificate from a file, fill a credential and run this method:

[[challenge sender] useCredential:[self credential] forAuthenticationChallenge:challenge];

但我不知道如何初始化(或填充)SecIdentityRef 参数.这是我创建凭据的代码:

But I don't know how to initialize (or fill) a SecIdentityRef parameter. Here is my code that creates the credentials:

NSString *certPath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"cer"];
NSData *certData = [[NSData alloc] initWithContentsOfFile:certPath];

SecIdentityRef myIdentity;  // ???

SecCertificateRef myCert = SecCertificateCreateWithData(NULL, (CFDataRef)certData);
[certData release];
SecCertificateRef certArray[1] = { myCert };
CFArrayRef myCerts = CFArrayCreate(NULL, (void *)certArray, 1, NULL);
CFRelease(myCert);
NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity
                                  certificates:(NSArray *)myCerts
                                   persistence:NSURLCredentialPersistencePermanent];
CFRelease(myCerts);

有人知道怎么解决吗?谢谢.

Does anybody know how to solve it? Thanks.

我终于找到了解决办法，但是又出现了一个新问题:

I've finally found the solution, but a new problem is here:

我的客户端没有将证书发送到服务器.服务器请求证书后，应用程序运行此方法:

my client doesn't send the certificate to the server. After the server asks for the certificate, the application runs this method:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

我填写了凭据(就像我上面提到的那样)，但连接以错误结束:NSURLErrorDomain -1206.根据服务器日志，客户端证书不是由应用程序发送的.

and I fill the credential (like I mentioned above), but the connection ends with an error: NSURLErrorDomain -1206. According to the server logs the client certificate is not sent by the application.

有人遇到过这种行为吗?我是否需要以某种方式验证应用程序中的证书?或者还有什么可以让它工作的?如果有帮助，我可以提供我当前的代码.感谢您的任何想法...

Has anybody any experience with this behaviour? Do I need to somehow verify the certificate in the application? Or anything else to make it work? I can provide my current code if it helps. Thanks for any ideas...

推荐答案

我使用这些步骤:

1. 使用 SecPKCS12Import 函数从 pkcs12 证书文件中提取 SecIdentityRef
2. 使用 SecIdentityCopyCertificate 函数获取 SecCertificateRef

其余的(凭据初始化)与我的问题相同...如果您愿意，我可以在此处放置更多代码.请注意，iphone 中有一个错误 (http://openradar.appspot.com/7090030)模拟器，因此无法在模拟器中使用大量证书.

and the rest (a credential initialization) is the same as in my question... I can put here more code if you want. Note that there is a bug (http://openradar.appspot.com/7090030) in the iphone simulator, so it is not possible to work with a lot of certifcates in the simulator.

这篇关于iPhone:HTTPS 客户端证书认证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！