从证书

时间:2016-10-21 11:25:44

标签: ios objective-c ssl-certificate x509certificate public-key-encryption

我尝试从设备上保存的证书中获取公钥或私钥。 我正在使用这种方法:

    - (SecKeyRef)publicKeyFromFile:(NSString *)path
{
    NSData * certificateData = [[NSData alloc] initWithData:[[NSFileManager defaultManager] contentsAtPath:path]];

    if (certificateData != nil && certificateData.bytes != 0) {

        CFDataRef cfDataPath = CFDataCreate(NULL, [certificateData bytes], [certificateData length]);
        SecCertificateRef certificateFromFile = SecCertificateCreateWithData(NULL, cfDataPath);

        if (certificateFromFile) {
            SecPolicyRef secPolicy = SecPolicyCreateBasicX509();
            SecTrustRef trust;
            SecTrustCreateWithCertificates( certificateFromFile, secPolicy, &trust);
            SecTrustResultType resultType;
            SecTrustEvaluate(trust, &resultType);
            SecKeyRef publicKeyObj = SecTrustCopyPublicKey(trust);

            return publicKeyObj;
        }
    }

    return nil;
}

cfDataPath中有数据,但certificateFromFile始终为nil ...

有谁知道问题出在哪里?

1 个答案:

答案 0 :(得分:1)

Apple doc指的是:

  

获取公钥加密的SecKeyRef对象   从钥匙串中提取密钥如果您使用钥匙串中的现有公钥和私钥,请阅读“证书,密钥和信任服务编程指南”以了解如何检索该密钥的SecKeychainItemRef对象。   获得SecKeychainItemRef后,可以将其转换为SecKeyRef以与此API一起使用。   导入现有的公钥和私钥由于常用的不同密钥格式的数量,导入和导出公钥和私钥对比生成新密钥要复杂一些。   此示例介绍如何以PEM(隐私增强邮件)格式导入和导出密钥对。

了解详情:https://developer.apple.com/library/mac/documentation/Security/Conceptual/SecTransformPG/SigningandVerifying/SigningandVerifying.htmlhttps://developer.apple.com/library/mac/documentation/Security/Conceptual/CertKeyTrustProgGuide/01introduction/introduction.html#//apple_ref/doc/uid/TP40001358

试试这个:

  -(BOOL)trustCertFromChallenge:(NSURLAuthenticationChallenge *)challenge
 {
SecTrustResultType trustResult;
SecTrustRef trust = challenge.protectionSpace.serverTrust;
OSStatus status = SecTrustEvaluate(trust, &trustResult);

//DLog(@"Failed: %@",error.localizedDescription);
//DLog(@"Status: %li | Trust: %@ - %li",(long)status,trust,(long)trustResult);

if (status == 0 && (trustResult == kSecTrustResultUnspecified || trustResult == kSecTrustResultProceed)) {

    SecKeyRef serverKey = SecTrustCopyPublicKey(trust);

    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"MYCert" ofType:@"der"];
    NSData *certData = [NSData dataWithContentsOfFile:certPath];
    SecCertificateRef localCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);

    SecKeyRef localKey = NULL;
    SecTrustRef localTrust = NULL;
    SecCertificateRef certRefs[1] = {localCertificate};
    CFArrayRef certArray = CFArrayCreate(kCFAllocatorDefault, (void *)certRefs, 1, NULL);
    SecPolicyRef policy = SecPolicyCreateBasicX509();
    OSStatus status = SecTrustCreateWithCertificates(certArray, policy, &localTrust);

    if (status == errSecSuccess)
        localKey = SecTrustCopyPublicKey(localTrust);

    CFRelease(localTrust);
    CFRelease(policy);
    CFRelease(certArray);

     if (serverKey != NULL && localKey != NULL && [(__bridge id)serverKey isEqual:(__bridge id)localKey])
        return YES;
    else
        return NO;
}

//DLog(@"Failed: %@",error.localizedDescription);

return NO;
  }

按照接受的答案了解更多详情:Objective-C / C pulling private key (modulus) from SecKeyRef

相关问题
最新问题