iOS: Network SSL-related issues
Source: Internet  Editor: 程序博客网  Time: 2024/06/14 15:12
Questions taken from:
http://stackoverflow.com/questions/9874932/ssl-identity-certificate-to-run-an-https-server-on-ios
http://stackoverflow.com/questions/26592389/ios-creating-a-server-socket-for-mutual-ssl-authentication-using-gcdasyncsocket
http://stackoverflow.com/questions/28407397/objective-c-eveluate-server-certificate-signed-by-our-own-pki-root-ca-on-tls
Apple Doc
https://developer.apple.com/library/ios/documentation/Security/Conceptual/CertKeyTrustProgGuide/iPhone_Tasks/iPhone_Tasks.html#//apple_ref/doc/uid/TP40001358-CH208-SW13
SSL Identity Certificate to run an HTTPS Server on iOS
I'm trying to build an HTTPS server in an iOS app, in order to act as a proxy between my web-app and my external server.
I have managed to make an HTTP server by listening to a socket, either thanks to CFSocketRef or using the GCDAsyncSocket library. I have also succeeded in making a Mac app running an HTTPS server, using the GCDAsyncSocket library and thanks to my method "secureSocket:" below which secures the connection:
    - (void)socket:(GCDAsyncSocket *)sock didAcceptNewSocket:(GCDAsyncSocket *)newSocket
    {
        // (...)

        // secure the connection
        [self secureSocket:newSocket];

        // (...)
    }

    - (void)secureSocket:(GCDAsyncSocket *)sock
    {
        // The root self-signed certificate I have created
        NSString *certificatePath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"cer"];
        NSData *certData = [[NSData alloc] initWithContentsOfFile:certificatePath];
        CFDataRef certDataRef = (CFDataRef)certData;
        SecCertificateRef cert = SecCertificateCreateWithData(NULL, certDataRef);
        [certData release];

        // the "identity" certificate
        SecIdentityRef identityRef;
        SecIdentityCreateWithCertificate(NULL, cert, &identityRef);

        // the certificates array, containing the identity then the root certificate
        NSArray *certs = [[NSArray alloc] initWithObjects:(id)identityRef, (id)cert, nil];

        // the SSL configuration
        NSMutableDictionary *settings = [NSMutableDictionary dictionaryWithCapacity:3];
        [settings setObject:[NSNull null] forKey:(NSString *)kCFStreamSSLPeerName];
        [settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLAllowsAnyRoot];
        [settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLAllowsExpiredRoots];
        [settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLAllowsExpiredCertificates];
        [settings setObject:[NSNumber numberWithBool:NO] forKey:(NSString *)kCFStreamSSLValidatesCertificateChain];
        [settings setObject:(NSString *)kCFStreamSocketSecurityLevelNegotiatedSSL forKey:(NSString *)kCFStreamSSLLevel];
        [settings setObject:certs forKey:(NSString *)kCFStreamSSLCertificates];
        [settings setObject:[NSNumber numberWithBool:YES] forKey:(NSString *)kCFStreamSSLIsServer];

        [sock startTLS:settings];
        [certs release];
    }
The certificate I'm using is a self-signed server SSL certificate I have created with Keychain Access. So I understand that I have to give the system a configuration set with an array containing an identity and a certificate. And it works fine on my Mac app.
The problem is to enable the SSL on the HTTP server of my iOS app. The method "SecIdentityCreateWithCertificate()" which creates the identity doesn't exist on iOS and I don't know how to create an identity another way.
How to create a SecIdentityRef on iOS (to enable SSL server side)? Did I miss something like to store the public/private key in my app, or something else? Thank you so much.
2 Answers
I will post a separate answer, as comments are not suitable for code sharing.
Here is what I use to import my PKCS12:
    // p12Data holds the contents of the .p12 file, password is its passphrase
    CFArrayRef keyref = NULL;
    OSStatus sanityCheck = SecPKCS12Import((__bridge CFDataRef)p12Data,
                                           (__bridge CFDictionaryRef)[NSDictionary dictionaryWithObject:password
                                                                                                 forKey:(__bridge id)kSecImportExportPassphrase],
                                           &keyref);
    if (sanityCheck != noErr) {
        NSLog(@"Error while importing pkcs12 [%d]", (int)sanityCheck);
        return nil;
    }
    NSArray *keystore = (__bridge_transfer NSArray *)keyref;
The complete p12 content will be in the keystore array.
It looks like you need to import the identity using a PKCS #12 file. See listing 2-2 in https://developer.apple.com/library/ios/#documentation/Security/Conceptual/CertKeyTrustProgGuide/iPhone_Tasks/iPhone_Tasks.html#//apple_ref/doc/uid/TP40001358-CH208-SW13.
    // inPKCS12Data is a CFDataRef holding the contents of the .p12 file
    NSDictionary *optionsDictionary = [NSDictionary dictionaryWithObject:@"myPrivateKeyPassword"
                                                                  forKey:(id)kSecImportExportPassphrase];
    CFArrayRef items = NULL; // SecPKCS12Import allocates the result array
    OSStatus securityError = SecPKCS12Import(inPKCS12Data, (CFDictionaryRef)optionsDictionary, &items);
– Laurent May 1 '12 at 14:46
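The approach both answers describe, carried through to the array that GCDAsyncSocket expects, as an added example that is not part of the original question or answers. The function names are hypothetical, ARC is assumed, and the passphrase is passed in by the caller rather than written as a literal. The validation-disabling keys from the question are left out because they govern how the peer's chain is checked, not which identity the server presents.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CFNetwork/CFNetwork.h>

// Hypothetical helper (ARC). Returns the array for kCFStreamSSLCertificates:
// the SecIdentityRef first, then the other certificates from the PKCS #12 file.
static NSArray *TLSCertificatesFromPKCS12(NSData *p12Data, NSString *passphrase)
{
    if (p12Data.length == 0 || passphrase == nil) return nil;

    NSDictionary *options = @{ (__bridge id)kSecImportExportPassphrase : passphrase };
    CFArrayRef rawItems = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)p12Data,
                                      (__bridge CFDictionaryRef)options, &rawItems);
    NSArray *items = (__bridge_transfer NSArray *)rawItems; // ARC now owns the result
    if (status != errSecSuccess || items.count == 0) {
        // errSecAuthFailed: wrong passphrase or damaged data
        NSLog(@"SecPKCS12Import failed [%d]", (int)status);
        return nil;
    }

    NSDictionary *entry = items[0];
    id identity = entry[(__bridge id)kSecImportItemIdentity];
    if (identity == nil) return nil; // file held no certificate + private key pair

    // The identity already carries the leaf certificate, so skip it in the chain.
    SecCertificateRef leaf = NULL;
    SecIdentityCopyCertificate((__bridge SecIdentityRef)identity, &leaf);
    NSMutableArray *certs = [NSMutableArray arrayWithObject:identity];
    for (id cert in entry[(__bridge id)kSecImportItemCertChain]) {
        if (leaf == NULL || !CFEqual((__bridge CFTypeRef)cert, leaf)) {
            [certs addObject:cert];
        }
    }
    if (leaf != NULL) CFRelease(leaf);
    return certs;
}

// Settings for -[GCDAsyncSocket startTLS:] on an accepted (server-side) socket.
static NSDictionary *ServerTLSSettings(NSArray *certs)
{
    return @{ (__bridge NSString *)kCFStreamSSLCertificates : certs,
              (__bridge NSString *)kCFStreamSSLIsServer : @YES };
}
```

In `socket:didAcceptNewSocket:`, pass `ServerTLSSettings(certs)` to `startTLS:` on the new socket once `TLSCertificatesFromPKCS12` has returned a non-nil array.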