我从服务器获取此JSON:
{ "令牌":" ab4a26912e9f027281fa5rfes6c8671d", " apiurl":" https://betanodeapi.cbd.com/localedit/updatetoken", "进程":" ping", "时间戳":1526464583221, "签名&#34 ;:" y8uhig78t9yuhvgcyUiGp8zKd3yeM62 + KRvrShdWUQHaO7kgMf9S2Ag8xAqB8h1VDko / M5cPTQSuNz14SThgfo5ekGStKfOVEYyq2rLFCiWr9FLMugz2oE / XJr6pK1Exo3BDjhrdWC78L4uc7ff1MxBSVbsqry7XxO8djxNmLZ2pZLfdAgiMLv0SVwVxsoXpRE44 / a6PbGqnTC9xGgpohqA9KLKYnr9z26 + syZgwJ0RU2yrZv8Jhhp / A ==" }
我还有 publicKey.pem :
----- BEGIN PUBLIC KEY ----- MI + IBIjANBgkqhkiG9w0 / BAQEFAAOCAQ8AMIIBCgKCAQ ++ EA1oTBrNUtmc + QxkGi0KDZ eDW9hwL983d7i4bOIMWHoobHcaILkB + huj60ocLeWR + cr9um7TdSfcFKDm8p5HYh6i1e PuXaXgBBtln47n0yu + R + N9hsFDfZSGpGVTiOAEhIqG2UlSWk31 + ot9Kh51Mfy6V9mM nvrHfaux19aemQwK2BvOXZ1i / ukXQokCCBK8 + fde2Id3Xx4 + I2TX4me4SDC1vu4zO + BGX / g2reiPEatKIsGxNsmDFG4GuMCSKDoUm + NNBgJcgG4Nmv6Z1lhopPqdMiN + SP9 xKHuOzRN8x1JMZEqkLAI47AQsy4 + zhJivtxHhhdpOxK9Z14Xj3HG4vdjiEdOvInV6RW xQIDAQAB ----- END PUBLIC KEY -----
我需要使用 publicKey 验证签名和数据。
我在下面写了一个方法来获取 SecKeyRef证书对象:
- (SecKeyRef)SecKeyRefFromFile:(NSString *) fileName
{
NSString *path = [[NSBundle mainBundle] pathForResource:fileName ofType:nil];
NSString* pespublicKey = [NSString stringWithContentsOfFile:path
encoding:NSUTF8StringEncoding
error:NULL];;
NSData *cert = [[NSData alloc] initWithBase64EncodedNSString:pespublicKey];
SecCertificateRef certRef = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)cert);
SecKeyRef key = NULL;
SecTrustRef trust = NULL;
SecPolicyRef policy = NULL;
if (cert != NULL) {
policy = SecPolicyCreateBasicX509();
if (policy) {
// CFArrayRef array = CFArrayCreate(NULL, (const void **) certRef, 1, NULL);
// CFArrayRef array = CFArrayCreate(NULL,(CFTypeRef) cert, 1, NULL);
SecCertificateRef certs[1] = { certRef };
CFArrayRef array = CFArrayCreate(NULL, (const void **) certs, 1, NULL);
// if (SecTrustCreateWithCertificates((CFTypeRef)cert, policy, &trust) == noErr) { //NOT WORKING
// if (SecTrustCreateWithCertificates(CFBridgingRetain(cert), policy, &trust) == noErr) { //NOT WORKING
// if (SecTrustCreateWithCertificates(certRef, policy, &trust) == noErr) { //NOT WORKING
// if (SecTrustCreateWithCertificates((CFTypeRef)certRef, policy, &trust) == noErr) { //NOT WORKING
// if (SecTrustCreateWithCertificates(CFBridgingRetain(CFBridgingRelease(certRef)), policy, &trust) == noErr) { //NOT WORKING
if(SecTrustCreateWithCertificates(array, policy, &trust) == errSecSuccess){
SecTrustResultType result;
OSStatus res = SecTrustEvaluate(trust, &result);
if (result == kSecTrustResultProceed || result == kSecTrustResultUnspecified) {
key = SecTrustCopyPublicKey(trust);
}
}
}
}
if (policy) CFRelease(policy);
if (trust) CFRelease(trust);
if (cert) CFRelease((__bridge CFTypeRef)(cert));
return key;
}
但它在SecTrustCreateWithCertificates上崩溃了
主题1:EXC_BAD_ACCESS(代码= EXC_I386_GPFLT), ErrorCode -50 或主题1:EXC_BAD_ACCESS(代码= 1,地址= 0x8)
现在我不得不与以下方法进行比较:
BOOL PKCSVerifyBytesSHA256withRSA(NSData* plainData, NSData* signature, SecKeyRef publicKey)
{
uint8_t digest[CC_SHA256_DIGEST_LENGTH];
if (!CC_SHA256([plainData bytes], (CC_LONG)[plainData length], digest))
return NO;
OSStatus status = SecKeyRawVerify(publicKey,
kSecPaddingPKCS1SHA256,
digest,
CC_SHA256_DIGEST_LENGTH,
[signature bytes],
[signature length]);
return status == errSecSuccess;
}