我想通过使用网络扩展框架的代码连接Vpn。
我有一个P12证书,使VPN连接也是一个根CA(Crt)证书来验证P12证书。
我的问题是以编程方式验证P12证书。
我正在使用以下代码连接到VPN。
let p = NEVPNProtocolIKEv2()
p.authenticationMethod = NEVPNIKEAuthenticationMethod.None
p.useExtendedAuthentication = true
p.serverAddress = "102.xxx.xxx.xx"
p.remoteIdentifier = "102.xxx.xxx.xx"
p.disconnectOnSleep = false
p.deadPeerDetectionRate = NEVPNIKEv2DeadPeerDetectionRate.Medium
// TODO: Add an option into config page
manager.localizedDescription = "VPN On - \(title)"
if let grp = group {
p.localIdentifier = grp
} else {
p.localIdentifier = "VPN"
}
if let username = account {
p.username = username
}
if let certficiateData = certificate {
p.authenticationMethod = NEVPNIKEAuthenticationMethod.Certificate
p.serverCertificateCommonName = server
p.serverCertificateIssuerCommonName = "Root-CA"
if #available(iOSApplicationExtension 8.3, *) {
p.certificateType = NEVPNIKEv2CertificateType.RSA
} else {
// Fallback on earlier versions
}
// Here i Provide Certificate Data .
let rootCertPath = NSBundle.mainBundle().pathForResource("certificate", ofType: "p12")
let certficiateData = NSData(contentsOfFile: rootCertPath!)
// I need to verify above P12 Certificate with rootCA.crt before Passing to identityData
p.identityData = certficiateData
}
manager.enabled = true
manager.`protocol` = p