我正在编写一个与服务器通信的应用程序,该应用程序要求客户端使用客户端证书对自己进行身份验证。我需要从应用程序包中的.p12文件中提取证书,并将其添加到应用程序密钥链中。
我一直在试图弄清楚如何从苹果的"iOS证书,密钥和信任服务任务"中获得它的工作,但对我来说,它似乎不完整,并且没有指定如何向密钥链(?)添加任何东西。
我很失落,任何帮助都很感激,提前感谢!
"Certificate, Key, and Trust Services Tasks for iOS"包含足够的信息,可以从。p12文件中提取证书。
- 清单2-1中的
演示了如何提取SecIdentityRef
清单2-2中的第二行(//1)显示了如何复制SecCertificateRef out of SecIdentityRef.
example加载p12文件,提取证书,安装到keychain。(不包括错误处理和内存管理)
NSString * password = @"Your-P12-File-Password";
NSString * path = [[NSBundle mainBundle]
pathForResource:@"Your-P12-File" ofType:@"p12"];
// prepare password
CFStringRef cfPassword = CFStringCreateWithCString(NULL,
password.UTF8String,
kCFStringEncodingUTF8);
const void *keys[] = { kSecImportExportPassphrase };
const void *values[] = { cfPassword };
CFDictionaryRef optionsDictionary
= CFDictionaryCreate(kCFAllocatorDefault, keys, values, 1,
NULL, NULL);
// prepare p12 file content
NSData * fileContent = [[NSData alloc] initWithContentsOfFile:path];
CFDataRef cfDataOfFileContent = (__bridge CFDataRef)fileContent;
// extract p12 file content into items (array)
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
OSStatus status = errSecSuccess;
status = SecPKCS12Import(cfDataOfFileContent,
optionsDictionary,
&items);
// TODO: error handling on status
// extract identity
CFDictionaryRef yourIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
const void *tempIdentity = NULL;
tempIdentity = CFDictionaryGetValue(yourIdentityAndTrust,
kSecImportItemIdentity);
SecIdentityRef yourIdentity = (SecIdentityRef)tempIdentity;
// get certificate from identity
SecCertificateRef yourCertificate = NULL;
status = SecIdentityCopyCertificate(yourIdentity, &yourCertificate);
// at last, install certificate into keychain
const void *keys2[] = { kSecValueRef, kSecClass };
const void *values2[] = { yourCertificate, kSecClassCertificate };
CFDictionaryRef dict
= CFDictionaryCreate(kCFAllocatorDefault, keys2, values2,
2, NULL, NULL);
status = SecItemAdd(dict, NULL);
// TODO: error handling on status