我带客户证书验证的战斗。当服务器需要印鉴(在这种情况下,一个证书),此方法是从调用的 NSURLConnection的的代表:
I'm fighting with a client certificate authentication. When a server needs a credential (a certificate in this case), this method is invoked from NSURLConnection delegate:
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge我想从文件加载证书,填补了凭据,并运行此方法:
I want to load a certificate from a file, fill a credential and run this method:
[[challenge sender] useCredential:[self credential] forAuthenticationChallenge:challenge];但我不知道如何初始化(或填充)一个的 SecIdentityRef 的参数。下面是我创建的凭据code:
But I don't know how to initialize (or fill) a SecIdentityRef parameter. Here is my code that creates the credentials:
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"cer"]; NSData *certData = [[NSData alloc] initWithContentsOfFile:certPath]; SecIdentityRef myIdentity; // ??? SecCertificateRef myCert = SecCertificateCreateWithData(NULL, (CFDataRef)certData); [certData release]; SecCertificateRef certArray[1] = { myCert }; CFArrayRef myCerts = CFArrayCreate(NULL, (void *)certArray, 1, NULL); CFRelease(myCert); NSURLCredential *credential = [NSURLCredential credentialWithIdentity:myIdentity certificates:(NSArray *)myCerts persistence:NSURLCredentialPersistencePermanent]; CFRelease(myCerts);是否有人知道如何解决它?谢谢你。
Does anybody know how to solve it? Thanks.
我终于找到了解决办法,但一个新的问题是在这里:
I've finally found the solution, but a new problem is here:
我的客户不发证书给服务器。服务器要求的证书后,应用程序运行此方法:
my client doesn't send the certificate to the server. After the server asks for the certificate, the application runs this method:
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge和我填凭证(如我上面提到的),但连接以错误结束: NSURLErrorDomain -1206 的。根据服务器日志客户端证书不是由应用程序发送的。
and I fill the credential (like I mentioned above), but the connection ends with an error: NSURLErrorDomain -1206. According to the server logs the client certificate is not sent by the application.
有没有人有这种行为的经验吗?我需要以某种方式核实申请人的证书?或者别的,使其工作?我可以提供我目前的code。如果它帮助。感谢您的任何想法......
Has anybody any experience with this behaviour? Do I need to somehow verify the certificate in the application? Or anything else to make it work? I can provide my current code if it helps. Thanks for any ideas...
推荐答案我使用以下步骤:
和休息(凭证初始化)是一样的,我的问题...我可以把这里的更多code,如果你想。需要注意的是在iPhone模拟器中的错误( openradar.appspot/7090030 ) ,所以这是不可能用在模拟器很多荣誉证书的工作
and the rest (a credential initialization) is the same as in my question... I can put here more code if you want. Note that there is a bug (openradar.appspot/7090030) in the iphone simulator, so it is not possible to work with a lot of certifcates in the simulator.
更多推荐
iPhone:HTTPS客户端证书认证
发布评论