iphone开发:从https url验证证书信息_Iphone_Objective C_Ios_Security - Fatal编程技术网

iphone开发:从https url验证证书信息


当用户连接到“https url”时,例如:https://encrypted.google.com,使用web浏览器(Safari、Chrome等),则用户可以获取与此类“https url”相关的证书信息;也就是说,在连接到url的情况下”https://encrypted.google.com“,可以验证以下证书信息:

  • Equifax安全证书颁发机构
  • *.google.com发布人:谷歌互联网管理局。证书的过期日期。证书是否有效
  • 有关证书的更多详细信息,如签名算法、公钥信息、指纹等
  • 因此,问题是:“为了获得上述信息(或者至少知道证书是否有效),正确的 Objective-C 函数调用是什么?”


    提前感谢。

    可以使用NSURLConnection委托方法获取证书信息:

    - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
    
    - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
    
    即:

    /// Tells the connection whether this delegate wants to answer the
    /// authentication challenge for the given protection space.
    ///
    /// @param connection      The connection asking the question (unused here).
    /// @param protectionSpace The protection space whose authentication method is inspected.
    /// @return YES only when the method is NSURLAuthenticationMethodServerTrust,
    ///         i.e. the challenge concerns the server's certificate; NO otherwise.
    - (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
        NSString *authMethod = protectionSpace.authenticationMethod;
        BOOL handlesServerTrust = [authMethod isEqualToString:NSURLAuthenticationMethodServerTrust];

        // Trace the decision together with the call site.
        NSString *sourceFile = [[NSString stringWithUTF8String:__FILE__] lastPathComponent];
        NSLog(@"<%p %@: %s line:%d> Result:%s", self, sourceFile, __PRETTY_FUNCTION__, __LINE__, handlesServerTrust ? "YES" : "NO");

        return handlesServerTrust;
    }
    
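    /// Answers a server-trust challenge for the hosts listed in `trustedHosts`
    /// and logs every certificate of the presented chain.
    ///
    /// The chain is evaluated with SecTrustEvaluate BEFORE a credential is
    /// handed back. Calling credentialForTrust: / useCredential: without an
    /// evaluation accepts whatever certificate the peer presented for that
    /// host, which disables TLS server authentication for the connection.
    ///
    /// Every challenge gets an answer: challenges this method does not handle
    /// are passed back for default handling instead of being left pending.
    ///
    /// @param connection The connection that received the challenge (unused here).
    /// @param challenge  The authentication challenge to answer.
    - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
        NSArray *trustedHosts = [NSArray arrayWithObject:@"encrypted.google.com"];
        NSURLProtectionSpace *protectionSpace = challenge.protectionSpace;
        id<NSURLAuthenticationChallengeSender> sender = challenge.sender;

        BOOL isAuthMethodServerTrust = [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
        NSLog(@"<%p %@: %s line:%d> Result:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, isAuthMethodServerTrust ? "YES" : "NO");

        SecTrustRef trustRef = protectionSpace.serverTrust;
        if (!isAuthMethodServerTrust || trustRef == NULL || ![trustedHosts containsObject:protectionSpace.host]) {
            // Not ours to decide: let the URL loading system apply its default
            // policy. performDefaultHandling… is an optional protocol method,
            // so fall back to the required continueWithoutCredential… one.
            if ([sender respondsToSelector:@selector(performDefaultHandlingForAuthenticationChallenge:)]) {
                [sender performDefaultHandlingForAuthenticationChallenge:challenge];
            } else {
                [sender continueWithoutCredentialForAuthenticationChallenge:challenge];
            }
            return;
        }
        NSLog(@"<%p %@: %s line:%d> trustedHosts containsObject:challenge.protectionSpace.host", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__);

        // "Is the certificate valid?" is answered here. Proceed and Unspecified
        // are the two results that mean the chain is trusted.
        // NOTE(review): SecTrustEvaluate is deprecated on recent SDKs in favour
        // of SecTrustEvaluateWithError; switch when the deployment target allows.
        SecTrustResultType trustResult = kSecTrustResultInvalid;
        OSStatus status = SecTrustEvaluate(trustRef, &trustResult);
        BOOL chainIsTrusted = (status == errSecSuccess) &&
                              (trustResult == kSecTrustResultProceed || trustResult == kSecTrustResultUnspecified);
        NSLog(@"<%p %@: %s line:%d> Certificate chain trusted:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, chainIsTrusted ? "YES" : "NO");

        //Code to verify certificate info
        CFIndex count = SecTrustGetCertificateCount(trustRef);
        for (CFIndex i = 0; i < count; i++)
        {
            SecCertificateRef certRef = SecTrustGetCertificateAtIndex(trustRef, i);
            // Both values follow the Copy rule and must be released here.
            // certSummary is a human-readable summary of the certificate
            // SUBJECT; certData is the DER-encoded certificate.
            CFStringRef certSummary = SecCertificateCopySubjectSummary(certRef);
            CFDataRef certData = SecCertificateCopyData(certRef);
            // __bridge keeps the casts valid when the file is built with ARC.
            NSLog(@"<%p %@: %s line:%d> Certificate summary:%@", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (__bridge NSString *)certSummary);
            NSLog(@"<%p %@: %s line:%d> Certificate data:%@", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (__bridge NSData *)certData);
            // CFRelease(NULL) crashes, so guard both releases.
            if (certSummary != NULL) {
                CFRelease(certSummary);
            }
            if (certData != NULL) {
                CFRelease(certData);
            }
        }

        if (!chainIsTrusted) {
            // Refuse the connection rather than vouching for an unverified chain.
            [sender cancelAuthenticationChallenge:challenge];
            return;
        }

        NSURLCredential *urlCredential = [NSURLCredential credentialForTrust:trustRef];
        NSLog(@"<%p %@: %s line:%d> Url credential", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__);
        [sender useCredential:urlCredential forAuthenticationChallenge:challenge];
    }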
    
    -(BOOL)连接:(NSURLConnection*)连接可以针对protectionSpace进行身份验证:(NSURLProtectionSpace*)protectionSpace{
    BOOL result=[protectionSpace.authenticationMethod IsequalString:NSURAuthenticationMethodServerTrust];
    NSLog(@“结果:%s”,self,[[NSString stringWithUTF8String:\uuuuu文件\uuuuuuuuuuu]最后路径组件],\uuuuuu漂亮的函数\uuuuuuuuuu,\uuuuuuuuu行\uuuuuu,(结果==YES);“YES”:“否”);
    返回结果;
    }
    -(void)连接:(NSURLConnection*)连接未收到身份验证质询:(NSURLConficationChallenge*)质询{
    NSArray*trustedHosts=[NSArray arrayWithObject:@“encrypted.google.com]”;
    BOOL isAuthenticationMethodServerTrust=[challenge.protectionSpace.authenticationMethod isequalString:nsurAuthenticationMethodServerTrust];
    NSLog(@“结果:%s”,self,[[NSString stringWithUTF8String:\uuuuu文件\uuuuuuuuuuu]最后路径组件],\uuuuuu函数\uuuuuuuuuuuuu,\uuuuuuuuuuuuuuuu行](isAuthMethodServerTrust==是)?“是”:“否”);
    如果(isAuthMethodServerTrust)
    {
    if([trustedHosts包含对象:challenge.protectionSpace.host])
    {
    NSLog(@“trustedHosts containsObject:challenge.protectionSpace.host”,self,[[NSString stringWithUTF8String:\uuuu文件\uuuuuuuuuuu]最后路径组件],\uuuuuu漂亮的函数,\uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu;
    NSURLCredential*urlCredential=[nsurlCredentialCredentialForTrust:challenge.protectionSpace.serverTrust];
    NSLog(@“Url凭证”,self,[[NSString stringWithUTF8String:\uuuu文件\uuuuuuuuu]最后路径组件],\uuuu漂亮的函数\uuuuuuuuuuuu,\uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu行];
    [challenge.sender UseCdential:urlCredential for AuthenticationChallenge:challenge];
    //验证证书信息的代码
    SecTrustRef trustRef=[[challenge protectionSpace]serverTrust];
    CFIndex count=SecTrustGetCertificateCount(trustRef);
    对于(CFIndex i=0;i
    此代码为您提供了以下与“https://encrypted.google.com”相关的信息:“certSummary”(NSString)中是证书的颁发者,“certData”中是证书的数据。问题是,目前我不知道如何从此类数据中提取信息(过期日期、公钥等),因此欢迎提供任何帮助。

    非常感谢您提供此代码!我目前正在尝试使用UIWebView控制器对具有HTTPS连接的服务器证书进行指纹验证。我将使用OpenSSL函数来完成其余的验证。获得certData后,可以使用OpenSSL解析X509证书并执行所需的其余验证。将OpenSSL引入您的项目可能有点麻烦。尽管这是一篇相当古老的帖子,@Genar您是否曾经想到如何从加载的证书数据中解析更详细的信息?在我的测试中,“certSummary”只向我打印测试中网站的URL。