Checking a Public Key in canAuthenticateAgainstProtectionSpace

前端未结

关注

 2  1850

I have been asked to check the public key against a known value in canAuthenticateAgainstProtectionSpace ( a delegate callback of NSURLConnection )

This is

相关标签:

2条回答

醉话见心

2021-02-06 18:32

Note that SecCertificateCopyData returns the certificate in it's "DER" form, Distinguished Encoding Rules. So you need to incorporate the certificate in your App in that form, and not as a pem or whatever format. To convert a certificate to DER with openssl use the command: openssl x509 -in server.crt -out server.der -outform DER

0 讨论(0)
发布评论:

提交评论
- 加载中...

别跟我提以往

2021-02-06 18:38

Incase anyone cares, the solution was to check the certificatie byte for byte with a certificate saved on the bundle.

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace 
{
    SecTrustRef trust = [protectionSpace serverTrust];

    SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, 0);

    NSData* ServerCertificateData = (NSData*) SecCertificateCopyData(certificate);

    // Check if the certificate returned from the server is identical to the saved certificate in
    // the main bundle
    BOOL areCertificatesEqual = ([ServerCertificateData 
                                  isEqualToData:[MyClass getCertificate]]);

    [ServerCertificateData release];

    if (!areCertificatesEqual) 
    {    
        NSLog(@"Bad Certificate, canceling request");
        [connection cancel];
    }

    // If the certificates are not equal we should not talk to the server;
    return areCertificatesEqual;
}

0 讨论(0)