GCDAsyncSocket two-way authentication: SSL mutual authentication
Source: Internet  Published: 数据科学实战 pdf  Editor: 程序博客网  Time: 2024/04/29 13:23
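Key points
1. How to create the NSMutableDictionary *sslSetting
2. How to verify the server's public key
Preparation:
The iOS public/private key pair I currently use is a p12 file; for the server's public key, I recommend preparing a .der file. I tried several approaches and found the one in the code pasted below to be the most reliable.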
// Obtain the SecIdentityRef from the *.p12 keystore file. The SSL socket server
// authenticates the client based on this certificate. On the server side, the
// client's certificate is added to the trust manager.
SecIdentityRef identityout;
NSMutableDictionary *sslSettings = [NSMutableDictionary dictionary];
[sslSettings setObject:@0 forKey:GCDAsyncSocketSSLProtocolVersionMax];
// This causes the delegate method socket:(GCDAsyncSocket *)sock didReceiveTrust: ... to be called
[sslSettings setObject:@YES forKey:GCDAsyncSocketManuallyEvaluateTrust];
[sslSettings setObject:[[NSArray alloc] initWithObjects:(__bridge id)(identityout), nil] forKey:GCDAsyncSocketSSLCertificates];
[self.asyncSocket startTLS:sslSettings];
Pay particular attention to this:
the GCDAsyncSocketSSLProtocolVersionMax key. Depending on your actual project, look up on develop.apple.com the SSL encryption method that suits you.
2. In the method - (void)socket:(GCDAsyncSocket *)sock didReceiveTrust:(SecTrustRef)trust
completionHandler:(void (^)(BOOL shouldTrustPeer))completionHandler;
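+ (BOOL)isEqualTrust:(SecTrustRef)trust
{
    NSBundle *bundle = [self getTradeBundle];
    NSString *rootCertPath = [bundle pathForResource:@"XXXX" ofType:@"der"];
    NSData *rootCertData = [NSData dataWithContentsOfFile:rootCertPath];
    if (!rootCertData) {
        NSLog(@"local certificates could not be loaded");
        return NO;
    }
    // Create the trusted certificate (returns NULL if the data is not valid DER)
    SecCertificateRef cert1 = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)rootCertData);
    if (cert1 == NULL) {
        NSLog(@"local certificates could not be loaded");
        return NO;
    }
    // Set the trusted certificate as the anchor for this evaluation
    OSStatus status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)[NSArray arrayWithObject:(__bridge id)cert1]);
    CFRelease(cert1); // the array held its own reference while the anchors were set
    SecTrustResultType result = kSecTrustResultDeny;
    if (status == noErr) {
        // SecTrustEvaluate is deprecated since iOS 13 in favor of SecTrustEvaluateWithError
        status = SecTrustEvaluate(trust, &result);
    }
    if (status == noErr && (result == kSecTrustResultProceed || result == kSecTrustResultUnspecified)) {
        // Verification succeeded; the certificate is trusted
        NSLog(@"local certificates is trust");
        return YES;
    } else {
        CFArrayRef arrayRefTrust = SecTrustCopyProperties(trust);
        NSLog(@"error in connection occured\n%@", (__bridge NSArray *)arrayRefTrust);
        if (arrayRefTrust) {
            CFRelease(arrayRefTrust); // Copy rule: the caller owns the returned array
        }
        return NO;
    }
}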
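The code above leaves two pieces out: how identityout is obtained from the .p12 file, and how the didReceiveTrust delegate method hands its verdict back to the socket. The following is an added example, not part of the original post; CopyClientIdentity, TrustHelper and MutualTLSClient are hypothetical names, and TrustHelper is assumed to contain the +isEqualTrust: method shown above.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import "GCDAsyncSocket.h"

// Assumed to hold the page's +isEqualTrust: method (class name is hypothetical).
@interface TrustHelper : NSObject
+ (BOOL)isEqualTrust:(SecTrustRef)trust;
@end

// Hypothetical helper: returns a retained identity from a .p12 file, or NULL.
// The caller must CFRelease the result once it is no longer needed.
static SecIdentityRef CopyClientIdentity(NSString *p12Path, NSString *passphrase)
{
    NSData *p12Data = [NSData dataWithContentsOfFile:p12Path];
    if (p12Data == nil || passphrase == nil) return NULL;

    NSDictionary *options = @{ (__bridge id)kSecImportExportPassphrase : passphrase };
    CFArrayRef items = NULL;
    OSStatus status = SecPKCS12Import((__bridge CFDataRef)p12Data,
                                      (__bridge CFDictionaryRef)options, &items);
    SecIdentityRef identity = NULL;
    if (status == errSecSuccess && items != NULL && CFArrayGetCount(items) > 0) {
        CFDictionaryRef first = CFArrayGetValueAtIndex(items, 0);
        identity = (SecIdentityRef)CFDictionaryGetValue(first, kSecImportItemIdentity);
        if (identity != NULL) CFRetain(identity); // outlive the items array
    }
    if (items != NULL) CFRelease(items);
    return identity;
}

@interface MutualTLSClient : NSObject <GCDAsyncSocketDelegate>
@end

@implementation MutualTLSClient

// Invoked during the handshake because GCDAsyncSocketManuallyEvaluateTrust is @YES.
// The handshake stays paused until completionHandler is called, so every code
// path must call it exactly once; passing NO aborts the connection.
- (void)socket:(GCDAsyncSocket *)sock didReceiveTrust:(SecTrustRef)trust
completionHandler:(void (^)(BOOL shouldTrustPeer))completionHandler
{
    completionHandler([TrustHelper isEqualTrust:trust]);
}

@end
```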