获取SSL证书详细信息

时间:2011-10-23 21:16:23

标签: ios ssl certificate signature fingerprint

我想检查一下-(void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge收到的SSL证书,我有以下代码片段,它给出了发行人公共名称和DER。

SecTrustRef trustRef = [[challenge protectionSpace] serverTrust];
SecTrustEvaluate(trustRef, NULL);
CFIndex count = SecTrustGetCertificateCount(trustRef); 

for (CFIndex i = 0; i < count; i++)
{
    SecCertificateRef certRef = SecTrustGetCertificateAtIndex(trustRef, i);
    CFStringRef certSummary = SecCertificateCopySubjectSummary(certRef);
    CFDataRef certData = SecCertificateCopyData(certRef);
}

此外,我想获得指纹和签名。 我的SSL知识并不那么深刻;我可以从DER表示中提取上述内容吗?

文档没有帮助。 http://developer.apple.com/library/ios/#documentation/Security/Reference/certifkeytrustservices/Reference/reference.html

1 个答案:

答案 0 :(得分:13)

你可以像这样获得sha1指纹。

// #import <CommonCrypto/CommonDigest.h>
+(NSString*)sha1:(NSData*)certData {
    unsigned char sha1Buffer[CC_SHA1_DIGEST_LENGTH]; 
    CC_SHA1(certData.bytes, certData.length, sha1Buffer); 
    NSMutableString *fingerprint = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 3]; 
    for (int i = 0; i < CC_SHA1_DIGEST_LENGTH; ++i) 
        [fingerprint appendFormat:@"%02x ",sha1Buffer[i]]; 
    return [fingerprint stringByTrimmingCharactersInSet:[NSCharacterSet whitespaceCharacterSet]]; 
}

可以以类似的方式获得md5指纹。以这种方式获得的sha1和md5哈希值与Safari和Chrome显示的指纹匹配,以获得不受信任的证书。