2012-04-20 98 views
6

我正從我的應用試圖連接的服務器接收身份驗證質詢,因此我已實施了connection:didReceiveAuthenticationChallenge:方法。我需要發送一個SecCertificateRef和一個SecIdentityRef。身份正在工作,但證書需要作爲NSArray發送,我無法弄清楚如何將CFArrayRef轉換爲NSArray爲NSURLConnection身份驗證挑戰創建SecCertificateRef

這是我創造的身份和證書方法:

// Returns an array containing the certificate 
- (CFArrayRef)getCertificate { 
    SecCertificateRef certificate = nil; 
    NSString *thePath = [[NSBundle mainBundle] pathForResource:@"CertificateName" ofType:@"p12"]; 
    NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; 
    CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data; 
    certificate = SecCertificateCreateWithData(nil, inPKCS12Data); 
    SecCertificateRef certs[1] = { certificate }; 
    CFArrayRef array = CFArrayCreate(NULL, (const void **) certs, 1, NULL); 

    SecPolicyRef myPolicy = SecPolicyCreateBasicX509(); 
    SecTrustRef myTrust; 

    OSStatus status = SecTrustCreateWithCertificates(array, myPolicy, &myTrust); 
    if (status == noErr) { 
    NSLog(@"No Err creating certificate"); 
    } else { 
    NSLog(@"Possible Err Creating certificate"); 
    } 
    return array; 
} 

// Returns the identity 
- (SecIdentityRef)getClientCertificate { 
    SecIdentityRef identityApp = nil; 
    NSString *thePath = [[NSBundle mainBundle] pathForResource:@"CertificateName" ofType:@"p12"]; 
    NSData *PKCS12Data = [[NSData alloc] initWithContentsOfFile:thePath]; 
    CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data; 
    CFStringRef password = CFSTR("password"); 
    const void *keys[] = { kSecImportExportPassphrase };//kSecImportExportPassphrase }; 
    const void *values[] = { password }; 
    CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL); 
    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL); 
    OSStatus securityError = SecPKCS12Import(inPKCS12Data, options, &items); 
    CFRelease(options); 
    CFRelease(password); 
    if (securityError == errSecSuccess) { 
    NSLog(@"Success opening p12 certificate. Items: %ld", CFArrayGetCount(items)); 
    CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0); 
    identityApp = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity); 
    } else { 
    NSLog(@"Error opening Certificate."); 
    } 
    return identityApp; 
} 

然後在connection:didReceiveAuthenticationChallenge:我有:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge { 
    if ([challenge previousFailureCount] == 0) { 
    SecIdentityRef identity = [self getClientCertificate]; // Go get a SecIdentityRef 
    CFArrayRef certs = [self getCertificate]; // Get an array of certificates 

    // Convert the CFArrayRef to a NSArray 
    NSArray *myArray = (__bridge NSArray *)certs; 

    // Create the NSURLCredential 
    NSURLCredential *newCredential = [NSURLCredential credentialWithIdentity:identity certificates:certs persistence:NSURLCredentialPersistenceNone]; 

    // Send 
    [challenge.sender useCredential:newCredential forAuthenticationChallenge:challenge]; 
    } else { 
    // Failed 
    [[challenge sender] cancelAuthenticationChallenge:challenge]; 
    } 
} 

應用程序崩潰時創建NSURLCredential。經過進一步檢查,我得出結論,當我將CFArrayRef轉換爲NSArray時,SecCertificateRef的數據丟失,並且該數組包含空引起崩潰。

如何將SecCertificateRef放入NSArray?我錯過了一步,還是我做錯了?

回答

6

我終於找到答案了。我應該使用SecIdentityCopyCertificate(identity, &certificateRef);而不是SecCertificateCreateWithData(nil, inPKCS12Data);來創建我的證書。

相關問題