How do I verify a website certificate in Cocoa Touch?

Posted on 2024-08-01 12:43:45

I currently open an https connection to a web server using NSURLConnection. Everything works as it should and I am able to retrieve the page content I am after. The certificate is issued by VeriSign and I assume NSURLConnection does some work to verify the authenticity of the certificate to some extent? If I connected to the same website through Mobile Safari it would extract from the certificate, and display the Organization (of the website) in the navigation bar. Is it possible to extract these same details in Cocoa Touch as I too would like to present them to the user? Also, would verifying the server's host name against that certificate be reasonable enough to assume the website is legitimate?

梦里°也失望 2024-08-08 12:43:45

NSURLConnection will give you an error (NSURLErrorDomain) if you attempt to connect to a server with an invalid certificate (e.g. it's self signed, out of date, has the wrong host etc.). So you don't actually need to do any verification yourself, because it's all handled for you.

If you really want/need to display an SSL certificate summary in your UI, you'll need to drop down a layer from NSURLConnection and use low-level CFNetwork API instead. Once you have a CFReadStreamRef that's in the kCFStreamEventEndEncountered state, you should be able to do the following (assuming your stream handle is called readStream):

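// Pre-ARC code: each autorelease balances the +1 reference returned by a Copy function.
// Copy the certificates the peer presented during the SSL handshake.
NSArray* certificates = [(NSArray*)CFReadStreamCopyProperty(readStream, kCFStreamPropertySSLPeerCertificates) autorelease];
if ([certificates count] > 0) {
  // Take the first certificate in the array.
  SecCertificateRef certificate = (SecCertificateRef)[certificates objectAtIndex:0];
  // Human-readable summary of the certificate subject, suitable for display.
  NSString* description = [(NSString*)SecCertificateCopySubjectSummary(certificate) autorelease];
  // DER-encoded bytes of the whole certificate.
  NSData* data = [(NSData*)SecCertificateCopyData(certificate) autorelease];
}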

You'll need to decode the information held in data if you want to access the various properties of the certificate, but the summary held in description might be enough for your purposes.
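An added example, not part of the original answer: an NSURLConnection delegate that evaluates the server trust against the host name the app expects and, only if that succeeds, keeps the leaf certificate's subject summary for display. It assumes ARC and iOS 12 or later; CertSummaryDelegate, kExpectedHost and peerSummary are hypothetical names.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Placeholder (assumption): the host name the app intends to talk to.
static NSString * const kExpectedHost = @"www.example.com";

// Hypothetical delegate class, introduced for this example only.
@interface CertSummaryDelegate : NSObject <NSURLConnectionDelegate>
@property (nonatomic, copy) NSString *peerSummary; // text to show in the UI
@end

@implementation CertSummaryDelegate

- (void)connection:(NSURLConnection *)connection
willSendRequestForAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSURLProtectionSpace *space = challenge.protectionSpace;
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        [challenge.sender performDefaultHandlingForAuthenticationChallenge:challenge];
        return;
    }
    SecTrustRef trust = space.serverTrust;

    // Bind the SSL server policy to the expected host, so chain validity,
    // expiry and host name are all checked by a single evaluation.
    SecPolicyRef policy = SecPolicyCreateSSL(true, (__bridge CFStringRef)kExpectedHost);
    OSStatus status = SecTrustSetPolicies(trust, policy);
    CFRelease(policy);

    CFErrorRef error = NULL;
    if (status != errSecSuccess || !SecTrustEvaluateWithError(trust, &error)) {
        if (error) CFRelease(error);
        [challenge.sender cancelAuthenticationChallenge:challenge]; // fail closed
        return;
    }

    // Index 0 is the leaf (server) certificate. This call is deprecated
    // since iOS 15 in favour of SecTrustCopyCertificateChain.
    if (SecTrustGetCertificateCount(trust) > 0) {
        SecCertificateRef leaf = SecTrustGetCertificateAtIndex(trust, 0);
        self.peerSummary = CFBridgingRelease(SecCertificateCopySubjectSummary(leaf));
    }
    [challenge.sender useCredential:[NSURLCredential credentialForTrust:trust]
         forAuthenticationChallenge:challenge];
}

@end
```

peerSummary is display text only; the trust decision is the result of the evaluation, not the contents of the summary.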
