How to import an SSL certificate into my application's keychain

Time: 2011-10-18 07:02:41

Tags: iphone ios ios4 ssl-certificate

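I want to import an SSL certificate into my application's keychain. I got a sample project from Apple and tested it. I am sure it is technically possible. But my question is what approach I should use when asking the customer to install the certificate. I have thought of the following options:

- Prompt the user to install the credentials when the application launches.

- Maintain a settings page to manage the credentials.

Since my app depends entirely on web services, I cannot continue to run without the credentials. Please post your suggestions.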

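1 answer:

Answer 0: (score: 0)

Ask your certificate provider for a link to download the certificate. Just download the certificate and store it in the resources folder.

The following set of code snippets will do the job for you. If you do not understand the following, please leave a comment.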

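    // identity and trust are used again in the delegate methods below, so they
    // need to be stored beyond this scope (e.g. as instance variables).
    SecIdentityRef identity = NULL;
    SecTrustRef trust = NULL;

    NSData *PKCS12Data = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"test_iphone_services" ofType:@"p12"]];

    // Calling the method
    [Child extractIdentity:&identity andTrust:&trust fromPKCS12Data:PKCS12Data];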

    + (BOOL)extractIdentity:(SecIdentityRef *)outIdentity andTrust:(SecTrustRef *)outTrust fromPKCS12Data:(NSData *)inPKCS12Data
    {
        OSStatus securityError = errSecSuccess;
        // testtest is the password for the certificate.
        NSDictionary *optionsDictionary = [NSDictionary dictionaryWithObject:@"testtest" forKey:(id)kSecImportExportPassphrase];

        // SecPKCS12Import creates the array itself; start from NULL so nothing is leaked.
        CFArrayRef items = NULL;
        securityError = SecPKCS12Import((CFDataRef)inPKCS12Data, (CFDictionaryRef)optionsDictionary, &items);

        if (securityError == errSecSuccess && items != NULL && CFArrayGetCount(items) > 0) {
            CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
            const void *tempIdentity = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity);
            const void *tempTrust = CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust);
            // The dictionary owns these values; retain them so they survive CFRelease(items).
            // The caller must CFRelease both when it is done with them.
            *outIdentity = tempIdentity ? (SecIdentityRef)CFRetain(tempIdentity) : NULL;
            *outTrust = tempTrust ? (SecTrustRef)CFRetain(tempTrust) : NULL;
            CFRelease(items);
        } else {
            NSLog(@"Failed with error code %d", (int)securityError);
            if (items != NULL) {
                CFRelease(items);
            }
            return NO;
        }

        return YES;
    }

    #pragma mark - NSURLConnection Delegate Methods
    - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
        return [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodClientCertificate];
    }

    - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
        NSLog(@"trust %@", trust);
        NSURLCredential *credential;
        NSURLCredentialPersistence  persistence;
        persistence = NSURLCredentialPersistencePermanent;
        credential = [NSURLCredential credentialWithIdentity:identity certificates:nil persistence:persistence];

        NSLog(@"credential %@", credential);
        [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];

    }
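
The question asks about getting the identity into the app's keychain. The following is an added example, not part of the original answer or of Apple's sample project, showing one way to store the identity returned by `SecPKCS12Import` once and look it up on later launches, so the `.p12` file and its passphrase are only needed for the first import. It assumes iOS with ARC enabled; the label `com.example.app.client-identity` and the function names `StoreClientIdentity` and `CopyClientIdentity` are hypothetical.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical label used to find the identity again; not from the original post.
static NSString * const kClientIdentityLabel = @"com.example.app.client-identity";

// Stores an identity (as returned by SecPKCS12Import) in the app's keychain.
// Returns errSecSuccess if it was added or if the same identity was already stored.
static OSStatus StoreClientIdentity(SecIdentityRef identity)
{
    if (identity == NULL) return errSecParam;

    NSDictionary *attributes = @{
        (__bridge id)kSecValueRef:       (__bridge id)identity,
        (__bridge id)kSecAttrLabel:      kClientIdentityLabel,
        // Usable only while the device is unlocked; not restored onto other devices.
        (__bridge id)kSecAttrAccessible: (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    };
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)attributes, NULL);
    return (status == errSecDuplicateItem) ? errSecSuccess : status;
}

// Looks the identity up on later launches. On success the caller owns
// *outIdentity and must CFRelease it.
static OSStatus CopyClientIdentity(SecIdentityRef *outIdentity)
{
    if (outIdentity == NULL) return errSecParam;
    *outIdentity = NULL;

    NSDictionary *query = @{
        (__bridge id)kSecClass:      (__bridge id)kSecClassIdentity,
        (__bridge id)kSecAttrLabel:  kClientIdentityLabel,
        (__bridge id)kSecReturnRef:  @YES,
        (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitOne,
    };
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status == errSecSuccess) {
        *outIdentity = (SecIdentityRef)result;  // +1 reference, owned by the caller
    }
    return status;  // errSecItemNotFound: nothing has been imported yet
}
```

When `CopyClientIdentity` returns `errSecItemNotFound`, the app can fall back to the import step (either of the two options in the question) and call `StoreClientIdentity` with the result.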