Objective c 目标-C/C从SecKeyRef中提取私钥(模数)_Objective C_Ssl Certificate_Nsurlconnection_Nsurl - Fatal编程技术网

Objective-C/C:从 SecKeyRef 中提取私钥(模数)


我需要一种干净的方法来提取我的服务器公钥,并将其与本地数据进行比较,以防止将来密钥过期/续订,但我似乎无法获取256位密钥或将其表示为有用的数据进行比较

这是我到目前为止所拥有的

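/// Evaluates the server trust carried by an authentication challenge, copies the
/// leaf public key and compares its bytes with a locally stored value.
///
/// @param challenge The challenge whose protection space holds the server trust.
/// @return YES only when trust evaluation succeeded and the key bytes are equal;
///         NO in every other case (fail closed).
-(BOOL)trustCertFromChallenge:(NSURLAuthenticationChallenge *)challenge
{
    SecTrustRef trust = challenge.protectionSpace.serverTrust;
    if (trust == NULL)
        return NO;

    // The key comparison is an additional check on top of normal chain
    // validation, so a failed or non-trusted evaluation must reject the
    // connection before any key is looked at.
    // NOTE(review): SecTrustEvaluate is deprecated on newer SDKs in favour of
    // SecTrustEvaluateWithError; it can also block, so keep it off the main thread.
    SecTrustResultType trustResult;
    OSStatus status = SecTrustEvaluate(trust, &trustResult);
    if (status != errSecSuccess ||
        (trustResult != kSecTrustResultUnspecified && trustResult != kSecTrustResultProceed))
        return NO;

    // This is the UTF-8 encoding of the *characters* of the string. If the
    // literal holds the modulus as hex digits, a 256-byte modulus becomes
    // 512 ASCII bytes, which can never equal raw key bytes.
    NSString *localKey = @"MY_PUBLIC_KEY";
    NSData *localKeyData = [localKey dataUsingEncoding:NSUTF8StringEncoding];

    SecCertificateRef serverCertificate = SecTrustGetCertificateAtIndex(trust, 0);
    // Copy rule: the returned key is owned by this method and must be released.
    SecKeyRef key = SecTrustCopyPublicKey(trust);
    if (key == NULL)
        return NO;

    DLog(@"Cert: %@  Key:%@",serverCertificate,key);

    // this prints the correct cert information and key information
    // for clarity....
    // Key: <SecKeyRef algorithm id: 1, key type: RSAPublicKey, version: 3, block size: 2048 bits, exponent: {hex: 10001, decimal: 65537}, modulus: MY_PUBLIC_KEY, addr: 0x7fa78b80bc00>

    // so far so good.. now for grabbing the key
    // NOTE(review): getPublicKeyBitsFromKey: is not shown here. A 270-byte
    // result for a 2048-bit RSA key is consistent with a DER-encoded
    // RSAPublicKey (modulus + exponent + ASN.1 framing) rather than a bare
    // 256-byte modulus — confirm against that helper.
    NSData *keyData = [self getPublicKeyBitsFromKey:key];
    CFRelease(key);

    DLog(@"Local: %@ - %li Key: %@ - %li",[localKeyData description],(long)[localKeyData length],[keyData description],(long)[keyData length]);

    // Return the comparison result; the original fell off the end of a
    // BOOL method, which leaves the caller with an undefined value.
    BOOL sameKey = [localKeyData isEqualToData:keyData];
    if (sameKey)
        DLog(@"ITS THE SAME!");
    else
        DLog(@"NOT THE SAME!");

    return sameKey;
}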
这将返回270字节,而不是预期的256字节,而且我无法将其与我的 localData 进行比较。

本地密钥是512字节的ASCII(为什么?)45323636 32323330,派生密钥是270字节的UTF8 223b70a0 56f28f68

首先,我需要从
getPublicKeyBitsFromKey
获取256个字节,并且我还需要以相同的方式表示数据以进行比较

同样值得注意的是

// +stringWithUTF8String: reads a NUL-terminated UTF-8 C string. keyData holds
// raw key bytes (see the 270-byte dump above), which are neither guaranteed
// to be NUL-terminated nor valid UTF-8, so a nil result is expected here.
// To log or compare key material, compare the NSData directly or encode it
// first (for example -base64EncodedStringWithOptions:).
const char *rawKeyBytes = [keyData bytes];
NSString *keyString = [NSString stringWithUTF8String:rawKeyBytes];

返回 (null)

甚至连日志都没有


任何帮助都将不胜感激,因此请提前感谢。

我通过在本地保存一份 .der 副本并固定(pin)其公钥解决了这个问题

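/// Public-key pinning check: accepts the server only when normal trust
/// evaluation succeeds AND the server's leaf public key equals the public key
/// of the certificate bundled with the app as MYCert.der.
///
/// Pinning the key rather than the whole certificate means a renewed
/// certificate that reuses the same key pair still matches.
///
/// @param challenge The challenge whose protection space holds the server trust.
/// @return YES when both checks pass; NO on any failure (fail closed).
-(BOOL)trustCertFromChallenge:(NSURLAuthenticationChallenge *)challenge
{
    SecTrustRef trust = challenge.protectionSpace.serverTrust;
    if (trust == NULL)
        return NO;

    // NOTE(review): SecTrustEvaluate is deprecated on newer SDKs in favour of
    // SecTrustEvaluateWithError; it can also block, so keep it off the main thread.
    SecTrustResultType trustResult;
    OSStatus status = SecTrustEvaluate(trust, &trustResult);

    //DLog(@"Status: %li | Trust: %@ - %li",(long)status,trust,(long)trustResult);

    // The pin is layered on top of chain validation, never a replacement for it.
    if (status != errSecSuccess ||
        (trustResult != kSecTrustResultUnspecified && trustResult != kSecTrustResultProceed)) {
        return NO;
    }

    // Load the pinned certificate. A missing or unreadable resource must
    // reject the connection instead of passing NULL into the Security calls.
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"MYCert" ofType:@"der"];
    NSData *certData = certPath ? [NSData dataWithContentsOfFile:certPath] : nil;
    if (certData == nil)
        return NO;

    SecCertificateRef localCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
    if (localCertificate == NULL)
        return NO;   // not a valid DER certificate

    SecKeyRef localKey = NULL;
    SecTrustRef localTrust = NULL;
    const void *certRefs[1] = {localCertificate};
    // kCFTypeArrayCallBacks makes the array retain the certificate it holds.
    CFArrayRef certArray = CFArrayCreate(kCFAllocatorDefault, certRefs, 1, &kCFTypeArrayCallBacks);
    SecPolicyRef policy = SecPolicyCreateBasicX509();

    // Separate status variable: the original shadowed the outer `status`.
    OSStatus localStatus = errSecParam;
    if (certArray != NULL && policy != NULL)
        localStatus = SecTrustCreateWithCertificates(certArray, policy, &localTrust);

    // NOTE(review): some SDK versions document that the key is only available
    // after the trust object has been evaluated; if localKey comes back NULL
    // the check below fails closed — confirm on the deployment target.
    if (localStatus == errSecSuccess && localTrust != NULL)
        localKey = SecTrustCopyPublicKey(localTrust);

    SecKeyRef serverKey = SecTrustCopyPublicKey(trust);

    BOOL keysMatch = (serverKey != NULL && localKey != NULL &&
                      [(__bridge id)serverKey isEqual:(__bridge id)localKey]);

    // Every Create/Copy result is owned here. CFRelease(NULL) crashes, so each
    // reference is checked first (localTrust stays NULL when creation fails).
    if (serverKey != NULL) CFRelease(serverKey);
    if (localKey != NULL) CFRelease(localKey);
    if (localTrust != NULL) CFRelease(localTrust);
    if (policy != NULL) CFRelease(policy);
    if (certArray != NULL) CFRelease(certArray);
    CFRelease(localCertificate);

    return keysMatch;
}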

您解决了这个问题吗?我通过在本地保存一份 .pem(.der)副本,并且只固定公钥而不是整个证书解决了它。这样即使证书过期也没关系。谢谢!这真是救了我的命。返回之前别忘了释放 serverKey。嘿,不客气……证书固定一点也不好玩!你是说在 CFRelease(certArray) 下面添加 CFRelease(serverKey)?请随意编辑 :)
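// Two alternative ways to turn keyData into a string; use one, not both.
// Raw key bytes are binary: for logging or comparison prefer comparing the
// NSData directly or encoding it (e.g. -base64EncodedStringWithOptions:).

// Alternative 1: length-bounded, so it never reads past the buffer, but it
// still returns nil when the bytes are not valid UTF-8.
NSString *keyString = [[NSString alloc] initWithBytes:[keyData bytes] length:[keyData length] encoding:NSUTF8StringEncoding];

// Alternative 2: +stringWithCharacters:length: takes unichar (16-bit) units and
// a length counted in characters. Passing the byte count would read twice the
// buffer size, so the length is divided by sizeof(unichar).
NSString *keyString = [NSString stringWithCharacters:(const unichar *)[keyData bytes] length:[keyData length] / sizeof(unichar)];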
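/// Public-key pinning check: accepts the server only when normal trust
/// evaluation succeeds AND the server's leaf public key equals the public key
/// of the certificate bundled with the app as MYCert.der.
///
/// Pinning the key rather than the whole certificate means a renewed
/// certificate that reuses the same key pair still matches.
///
/// @param challenge The challenge whose protection space holds the server trust.
/// @return YES when both checks pass; NO on any failure (fail closed).
-(BOOL)trustCertFromChallenge:(NSURLAuthenticationChallenge *)challenge
{
    SecTrustRef trust = challenge.protectionSpace.serverTrust;
    if (trust == NULL)
        return NO;

    // NOTE(review): SecTrustEvaluate is deprecated on newer SDKs in favour of
    // SecTrustEvaluateWithError; it can also block, so keep it off the main thread.
    SecTrustResultType trustResult;
    OSStatus status = SecTrustEvaluate(trust, &trustResult);

    //DLog(@"Status: %li | Trust: %@ - %li",(long)status,trust,(long)trustResult);

    // The pin is layered on top of chain validation, never a replacement for it.
    if (status != errSecSuccess ||
        (trustResult != kSecTrustResultUnspecified && trustResult != kSecTrustResultProceed)) {
        return NO;
    }

    // Load the pinned certificate. A missing or unreadable resource must
    // reject the connection instead of passing NULL into the Security calls.
    NSString *certPath = [[NSBundle mainBundle] pathForResource:@"MYCert" ofType:@"der"];
    NSData *certData = certPath ? [NSData dataWithContentsOfFile:certPath] : nil;
    if (certData == nil)
        return NO;

    SecCertificateRef localCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
    if (localCertificate == NULL)
        return NO;   // not a valid DER certificate

    SecKeyRef localKey = NULL;
    SecTrustRef localTrust = NULL;
    const void *certRefs[1] = {localCertificate};
    // kCFTypeArrayCallBacks makes the array retain the certificate it holds.
    CFArrayRef certArray = CFArrayCreate(kCFAllocatorDefault, certRefs, 1, &kCFTypeArrayCallBacks);
    SecPolicyRef policy = SecPolicyCreateBasicX509();

    // Separate status variable: the original shadowed the outer `status`.
    OSStatus localStatus = errSecParam;
    if (certArray != NULL && policy != NULL)
        localStatus = SecTrustCreateWithCertificates(certArray, policy, &localTrust);

    // NOTE(review): some SDK versions document that the key is only available
    // after the trust object has been evaluated; if localKey comes back NULL
    // the check below fails closed — confirm on the deployment target.
    if (localStatus == errSecSuccess && localTrust != NULL)
        localKey = SecTrustCopyPublicKey(localTrust);

    SecKeyRef serverKey = SecTrustCopyPublicKey(trust);

    BOOL keysMatch = (serverKey != NULL && localKey != NULL &&
                      [(__bridge id)serverKey isEqual:(__bridge id)localKey]);

    // Every Create/Copy result is owned here. CFRelease(NULL) crashes, so each
    // reference is checked first (localTrust stays NULL when creation fails).
    if (serverKey != NULL) CFRelease(serverKey);
    if (localKey != NULL) CFRelease(localKey);
    if (localTrust != NULL) CFRelease(localTrust);
    if (policy != NULL) CFRelease(policy);
    if (certArray != NULL) CFRelease(certArray);
    CFRelease(localCertificate);

    return keysMatch;
}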