文档说:“如果验证叶证书所需的所有证书均未包含在信任管理对象中,则 SecTrustEvaluate 会在钥匙串搜索列表(请参阅 SecTrustSetKeychains)和系统的锚证书存储中(请参阅 SecTrustSetAnchorCertificates)搜索证书”。
然而,由于 SecTrustSetKeychains() 在 iOS 上不可用,因此尚不清楚该函数是否也会在应用程序的钥匙串中查找。
看来你已经有一段时间没有发帖了,所以我不确定你是否还需要答案。如果您的用例是“我受到了打击connection:didReceiveAuthenticationChallenge:
,我想确保exact正在评估证书,那么您可以使用 iOS 内置信任方法或通过 Foundation API 做更多工作:(请注意,此处并未专门调用 SecTrustEvaulate,但可以很容易地添加它)
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>
从那里,您可以迭代完整的证书数组,并将其与挑战服务器信任参考的 SHA1 之类的内容进行比较:
// way #1 - iOS built-in ================================================ //
SecTrustRef trust = challenge.protectionSpace.serverTrust;
CFIndex cnt = SecTrustGetCertificateCount(trust);
// way #2 - build it in yourself from a file ============================ //
OSErr err;
NSString *path = [[NSBundle mainBundle] pathForResource:@"my.cert"
ofType:@"der"];
NSData *derData = [NSData dataWithContentsOfFile:path];
SecCertificateRef myCert =
SecCertificateCreateWithData(NULL, (CFDataRef)derData);
CFMutableArrayRef array = CFArrayCreateMutable(NULL, 1, NULL);
CFArrayInsertValueAtIndex(array, 0, myCert);
err = SecTrustSetAnchorCertificates(trust, array);
if (err != errSecSuccess) {
// do something smarter here, obviously, logging would be a start
abort();
}
CFArrayRef certs = NULL;
err = SecTrustCopyCustomAnchorCertificates(trust, &certs);
if (err != errSecSuccess) {
// again, better choices needed
abort();
}
CFIndex cnt = CFArrayGetCount(certs);
// loop and compare 'em
for (int i = 0; i < cnt; i++) {
SecCertificateRef cert = SecTrustGetCertificateAtIndex(trust, i);
CFDataRef cdata = SecCertificateCopyData(cert);
NSData *data = [[NSData alloc] initWithData:(NSData *)cdata];
unsigned char digest_result[CC_SHA1_DIGEST_LENGTH];
CC_SHA1(data.bytes, data.length, digest_result);
// compare each byte with your in-code SHA1 bytes
if (allBytesMatch) {
NSURLCredential *cred = [NSURLCredential credentialForTrust:trust];
[challenge.sender useCredential:cred
forAuthenticationChallenge:challenge];
}
}
// don't forget to release & CFRelease all the alloc'ed stuff from above
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)