2011-04-15 7 views
3

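Checking a public key in canAuthenticateAgainstProtectionSpace

I have been asked to check the public key against a known value in canAuthenticateAgainstProtectionSpace (a delegate callback of NSURLConnection).

This is what I have so far: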

- (BOOL)connection:(NSURLConnection *)connection
canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
    // SecTrustCopyPublicKey follows the Copy rule: the caller owns the result
    SecKeyRef publicKey = SecTrustCopyPublicKey([protectionSpace serverTrust]);

    NSLog(@"%@", publicKey);

    if (publicKey != NULL)
    {
        CFRelease(publicKey);
    }
    return YES;
}

How can I compare the public key against a known value?

The NSLog produces: <SecKeyRef: 0x687c000>, which is not useful.

Answers

5

For anyone who cares, the solution was to check the certificate byte for byte against a certificate saved in the bundle.

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
    SecTrustRef trust = [protectionSpace serverTrust];

    // serverTrust is nil unless this is a server-trust protection space
    if (trust == NULL || SecTrustGetCertificateCount(trust) == 0)
    {
        return NO;
    }

    // Index 0 is the server's own (leaf) certificate
    SecCertificateRef certificate = SecTrustGetCertificateAtIndex(trust, 0);

    // DER bytes of the certificate; Copy rule, so released below
    NSData* ServerCertificateData = (NSData*) SecCertificateCopyData(certificate);

    // Check if the certificate returned from the server is identical to the saved certificate in
    // the main bundle
    BOOL areCertificatesEqual = ([ServerCertificateData
                                  isEqualToData:[MyClass getCertificate]]);

    [ServerCertificateData release];

    if (!areCertificatesEqual)
    {
        NSLog(@"Bad Certificate, canceling request");
        [connection cancel];
    }

    // If the certificates are not equal we should not talk to the server;
    return areCertificatesEqual;
}
+0

Nice! How do you store the certificate to compare against? Or do you only compare hashes? – joshis 2012-03-07 16:20:05

+0

@joshis It is stored in the bundle as a .cer file. I use NSData's dataWithContentsOfFile:. '[MyClass getCertificate]' is a convenience method that returns the certificate as NSData. – Robert 2012-03-07 18:01:57

+0

...you're right - I forgot that we are talking about public keys here, and there is no need to obscure the key... – joshis 2012-03-08 08:38:49

4

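Note that SecCertificateCopyData returns the certificate in "DER" form, Distinguished Encoding Rules. So you need to include the certificate in your application in that form, not as PEM or any other format. To convert a certificate to DER with openssl, use the following command:

    openssl x509 -in server.crt -out server.der -outform DER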

+0

Just the information I needed - thanks! – dreyln 2013-02-07 20:50:45
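
An added example, not code from either answer: one possible implementation of the `[MyClass getCertificate]` helper that the first answer calls, which loads the bundled file and rejects it at load time if it is not DER, the failure the second answer warns about. The resource name `server.der` (taken from the openssl command above), the caching in a static variable and the manual retain/release style are assumptions.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

@interface MyClass : NSObject
+ (NSData *)getCertificate;
@end

@implementation MyClass

// Hypothetical implementation; the original answer does not show this method.
// Written for manual retain/release, like the delegate code in the answer.
+ (NSData *)getCertificate
{
    static NSData *pinned = nil;   // loaded once, kept for the app's lifetime
    if (pinned != nil) {
        return pinned;
    }

    // Assumed resource name: the server.der produced by the openssl command.
    NSString *path = [[NSBundle mainBundle] pathForResource:@"server" ofType:@"der"];
    NSData *data = path ? [NSData dataWithContentsOfFile:path] : nil;
    if (data == nil) {
        NSLog(@"Pinned certificate missing from bundle");
        return nil;
    }

    // SecCertificateCreateWithData returns NULL unless the bytes are a
    // DER-encoded X.509 certificate, so a PEM file is reported here instead
    // of quietly failing every isEqualToData: comparison.
    SecCertificateRef parsed = SecCertificateCreateWithData(NULL, (CFDataRef)data);
    if (parsed == NULL) {
        NSLog(@"Pinned certificate is not DER encoded");
        return nil;
    }

    // Keep the DER bytes from SecCertificateCopyData, the same call the
    // delegate applies to the server's certificate.
    pinned = (NSData *)SecCertificateCopyData(parsed); // owned (+1), kept on purpose
    CFRelease(parsed);
    return pinned;
}

@end
```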