检查 canAuthenticateAgainstProtectionSpace 中的公钥

发布于 2024-11-01 04:20:11 字数 784 浏览 9 评论 0原文

我被要求根据 canAuthenticateAgainstProtectionSpace 中的已知值检查公钥（NSURLConnection ）

这就是我到目前为止所拥有的：

- (BOOL)connection:(NSURLConnection *)connection 
        canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace 
    {
        SecKeyRef publicKey = SecTrustCopyPublicKey([protectionSpace serverTrust]);

        NSLog(@"%@",SecTrustCopyPublicKey([protectionSpace serverTrust])); 
        return YES;
}

How can I Compare the public key against已知值？

NSLog 生成：，这并不是很有用。

原文

I have been asked to check the public key against a known value in canAuthenticateAgainstProtectionSpace ( a delegate callback of NSURLConnection )

This is what I have so far:

- (BOOL)connection:(NSURLConnection *)connection 
        canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace 
    {
        SecKeyRef publicKey = SecTrustCopyPublicKey([protectionSpace serverTrust]);

        NSLog(@"%@",SecTrustCopyPublicKey([protectionSpace serverTrust])); 
        return YES;
}

How can I compare the public key against a known value?

The NSLog produces: <SecKeyRef: 0x687c000> which isn't vary useful.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

骄兵必败 2024-11-08 04:20:11

如果有人关心的话，解决方案是使用捆绑包中保存的证书逐字节检查证书。

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace 
{
    SecTrustRef trust = [protectionSpace serverTrust];

    SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, 0);

    NSData* ServerCertificateData = (NSData*) SecCertificateCopyData(certificate);

    // Check if the certificate returned from the server is identical to the saved certificate in
    // the main bundle
    BOOL areCertificatesEqual = ([ServerCertificateData 
                                  isEqualToData:[MyClass getCertificate]]);

    [ServerCertificateData release];

    if (!areCertificatesEqual) 
    {    
        NSLog(@"Bad Certificate, canceling request");
        [connection cancel];
    }

    // If the certificates are not equal we should not talk to the server;
    return areCertificatesEqual;
}

Incase anyone cares, the solution was to check the certificatie byte for byte with a certificate saved on the bundle.

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace 
{
    SecTrustRef trust = [protectionSpace serverTrust];

    SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, 0);

    NSData* ServerCertificateData = (NSData*) SecCertificateCopyData(certificate);

    // Check if the certificate returned from the server is identical to the saved certificate in
    // the main bundle
    BOOL areCertificatesEqual = ([ServerCertificateData 
                                  isEqualToData:[MyClass getCertificate]]);

    [ServerCertificateData release];

    if (!areCertificatesEqual) 
    {    
        NSLog(@"Bad Certificate, canceling request");
        [connection cancel];
    }

    // If the certificates are not equal we should not talk to the server;
    return areCertificatesEqual;
}

回复收藏 0 原文

作业与我同在 2024-11-08 04:20:11

请注意，SecCertificateCopyData 以“DER”形式（可区分编码规则）返回证书。因此，您需要以这种形式将证书合并到您的应用程序中，而不是作为 pem 或任何格式。要使用 openssl 将证书转换为 DER，请使用以下命令： openssl x509 -in server.crt -out server.der -outform DER

回复收藏 0 原文

~没有更多了~