我已经为添加到应用程序包(bundle)中的单个证书实现了以下代码。
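/**
 * NSURLConnection delegate callback that answers a client-certificate challenge
 * with the identity loaded by -getClientCertificate.
 *
 * Only NSURLAuthenticationMethodClientCertificate challenges are answered here.
 * Every other challenge type (server trust, Basic, ...) is handed back to the
 * system, so the client identity is never offered as the answer to a challenge
 * that did not ask for it and server-trust evaluation is left to the default
 * handling.
 *
 * @param connection The connection that received the challenge (unused).
 * @param challenge  The authentication challenge to answer.
 */
- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    id<NSURLAuthenticationChallengeSender> sender = challenge.sender;
    NSString *method = challenge.protectionSpace.authenticationMethod;

    if (![method isEqualToString:NSURLAuthenticationMethodClientCertificate]) {
        // -performDefaultHandling... is an optional protocol method; fail closed
        // if the sender does not offer it rather than guessing at an answer.
        if ([sender respondsToSelector:@selector(performDefaultHandlingForAuthenticationChallenge:)]) {
            [sender performDefaultHandlingForAuthenticationChallenge:challenge];
        } else {
            [sender cancelAuthenticationChallenge:challenge];
        }
        return;
    }

    // The server already rejected this identity once; retrying with the same
    // credential cannot succeed.
    if ([challenge previousFailureCount] != 0) {
        [sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // `identity` is an ivar declared outside this method; -getCertificate reads it.
    identity = [self getClientCertificate];
    if (identity == NULL) {
        // No usable identity (missing file, wrong passphrase, empty import).
        [sender cancelAuthenticationChallenge:challenge];
        return;
    }

    // -getCertificate returns an array obtained from CFArrayCreate (+1), so hand
    // ownership to ARC instead of leaking it with a plain __bridge cast.
    // NOTE(review): NSURLCredential's `certificates:` argument is documented as
    // certificates *in addition to* the one in the identity; passing the leaf
    // again looks redundant — confirm whether intermediates were intended.
    NSArray *certificates = CFBridgingRelease([self getCertificate]);

    NSURLCredential *newCredential =
        [NSURLCredential credentialWithIdentity:identity
                                   certificates:certificates
                                    persistence:NSURLCredentialPersistenceNone];
    [sender useCredential:newCredential forAuthenticationChallenge:challenge];
}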
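/**
 * Builds a one-element array holding the certificate of the `identity` ivar.
 *
 * @return A CFArray created with CFArrayCreate (the caller owns it and must
 *         release it), or NULL when `identity` is not set or its certificate
 *         cannot be copied.
 */
- (CFArrayRef)getCertificate
{
    if (identity == NULL) {
        return NULL;
    }

    SecCertificateRef certificate = NULL;
    OSStatus copyStatus = SecIdentityCopyCertificate(identity, &certificate);
    if (copyStatus != errSecSuccess || certificate == NULL) {
        NSLog(@"Could not copy certificate from identity (status %d)", (int)copyStatus);
        return NULL;
    }

    // Use the CFType callbacks so the array retains the certificate; the local
    // +1 reference from SecIdentityCopyCertificate can then be released safely.
    const void *certs[1] = {certificate};
    CFArrayRef array = CFArrayCreate(NULL, certs, 1, &kCFTypeArrayCallBacks);
    CFRelease(certificate);
    if (array == NULL) {
        return NULL;
    }

    // Creating a trust object does NOT validate anything: SecTrust is never
    // evaluated here, so the log below only reports that the object could be
    // built from the certificate. It must not be read as a validity check.
    SecPolicyRef myPolicy = SecPolicyCreateBasicX509();
    SecTrustRef myTrust = NULL;
    OSStatus status = SecTrustCreateWithCertificates(array, myPolicy, &myTrust);
    if (status == noErr) {
        NSLog(@"No Err creating certificate");
    } else {
        NSLog(@"Possible Err Creating certificate");
    }

    // Both objects were only needed for the check above.
    if (myTrust != NULL) {
        CFRelease(myTrust);
    }
    if (myPolicy != NULL) {
        CFRelease(myPolicy);
    }

    return array;
}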
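/**
 * Imports the bundled "test.p12" file and returns the first identity in it.
 *
 * @return The imported identity, retained (+1) so that it stays valid after the
 *         import result is released; NULL if the file is missing, the import
 *         fails, or the archive contains no identity.
 */
- (SecIdentityRef)getClientCertificate
{
    NSString *thePath = [[NSBundle mainBundle] pathForResource:@"test" ofType:@"p12"];
    NSData *PKCS12Data = thePath ? [[NSData alloc] initWithContentsOfFile:thePath] : nil;
    if (PKCS12Data == nil) {
        NSLog(@"Error opening Certificate.");
        return NULL;
    }

    // NOTE(security): the PKCS#12 archive ships inside the app bundle and its
    // passphrase is a string constant in the binary, so anyone holding the app
    // package can recover the private key. Every install also shares one
    // identity. Per-user identities should be provisioned at runtime and kept
    // in the app's keychain rather than embedded like this.
    // CFSTR() yields a constant string that must not be released.
    CFStringRef password = CFSTR("Password1");
    const void *keys[] = {kSecImportExportPassphrase};
    const void *values[] = {password};
    CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1,
                                                 &kCFTypeDictionaryKeyCallBacks,
                                                 &kCFTypeDictionaryValueCallBacks);
    if (options == NULL) {
        NSLog(@"Error opening Certificate.");
        return NULL;
    }

    // SecPKCS12Import allocates the result array itself; pre-creating one here
    // would only leak it.
    CFArrayRef items = NULL;
    OSStatus securityError = SecPKCS12Import((__bridge CFDataRef)PKCS12Data, options, &items);
    CFRelease(options);

    SecIdentityRef identityApp = NULL;
    if (securityError == errSecSuccess && items != NULL) {
        NSLog(@"Success opening p12 certificate. Items: %ld", (long)CFArrayGetCount(items));
        if (CFArrayGetCount(items) > 0) {
            CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
            const void *found = CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
            if (found != NULL) {
                // The dictionary owns the identity; retain it before `items`
                // (and with it the dictionary) is released below.
                identityApp = (SecIdentityRef)CFRetain(found);
            }
        }
    } else {
        NSLog(@"Error opening Certificate.");
    }

    if (items != NULL) {
        CFRelease(items);
    }
    return identityApp;
}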
使用单个证书时一切正常。但是现在客户提出了新的要求:证书不再是同一个,每个用户的证书都不相同。证书(p12 文件)将通过电子邮件发送给用户,用户可以从邮件中下载。
问题:用于安装证书的 iPhone 配置描述文件位于一个沙箱中,而应用程序位于另一个沙箱中。
如何在不知道凭据(用户名和密码)、且不把证书放在应用程序包(bundle)中的情况下访问此类证书?
提前致谢。