Objective c 目标-C/C从SecKeyRef中提取私钥(模数)
我需要一种干净的方法来提取我的服务器公钥,并将其与本地数据进行比较,以防止将来密钥过期/续订,但我似乎无法获取256位密钥或将其表示为有用的数据进行比较 这是我到目前为止所拥有的Objective c 目标-C/C从SecKeyRef中提取私钥(模数),objective-c,ssl-certificate,nsurlconnection,nsurl,Objective C,Ssl Certificate,Nsurlconnection,Nsurl,我需要一种干净的方法来提取我的服务器公钥,并将其与本地数据进行比较,以防止将来密钥过期/续订,但我似乎无法获取256位密钥或将其表示为有用的数据进行比较 这是我到目前为止所拥有的 -(BOOL)trustCertFromChallenge:(NSURLAuthenticationChallenge *)challenge { SecTrustResultType trustResult; SecTrustRef trust = challenge.protectionSpace
-(BOOL)trustCertFromChallenge:(NSURLAuthenticationChallenge *)challenge
{
SecTrustResultType trustResult;
SecTrustRef trust = challenge.protectionSpace.serverTrust;
OSStatus status = SecTrustEvaluate(trust, &trustResult);
NSString *localKey = @"MY_PUBLIC_KEY";
NSData *localKeyData = [localKey dataUsingEncoding:NSUTF8StringEncoding];
SecCertificateRef serverCertificate = SecTrustGetCertificateAtIndex(trust, 0);
SecKeyRef key = SecTrustCopyPublicKey(trust);
DLog(@"Cert: %@ Key:%@",serverCertificate,key);
// this prints the correct cert information and key information
// for clarity....
// Key: <SecKeyRef algorithm id: 1, key type: RSAPublicKey, version: 3, block size: 2048 bits, exponent: {hex: 10001, decimal: 65537}, modulus: MY_PUBLIC_KEY, addr: 0x7fa78b80bc00>
// so far so good.. now for grabbing the key
NSData *keyData = [self getPublicKeyBitsFromKey:key];
DLog(@"Local: %@ - %li Key: %@ - %li",[localKeyData description],[localKeyData length],[keyData description],[keyData length]);
if ([localKeyData isEqualToData:keyData])
DLog(@"ITS THE SAME!");
else
DLog(@"NOT THE SAME!");
}
这将返回270字节,而不是预期的256字节。。我无法将其与我的localData
本地密钥是512字节的ASCII(为什么?)45323636 32323330,派生密钥是270字节的UTF8 223b70a0 56f28f68
首先,我需要从getPublicKeyBitsFromKey
获取256个字节,并且我还需要以相同的方式表示数据以进行比较
同样值得注意的是
NSString *keyString = [NSString stringWithUTF8String:[keyData bytes]];
及
返回(空)
甚至连日志都没有
任何帮助都将不胜感激,因此请提前感谢。我通过在本地复制.der并锁定它的公钥来解决这个问题
-(BOOL)trustCertFromChallenge:(NSURLAuthenticationChallenge *)challenge
{
SecTrustResultType trustResult;
SecTrustRef trust = challenge.protectionSpace.serverTrust;
OSStatus status = SecTrustEvaluate(trust, &trustResult);
//DLog(@"Failed: %@",error.localizedDescription);
//DLog(@"Status: %li | Trust: %@ - %li",(long)status,trust,(long)trustResult);
if (status == 0 && (trustResult == kSecTrustResultUnspecified || trustResult == kSecTrustResultProceed)) {
SecKeyRef serverKey = SecTrustCopyPublicKey(trust);
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"MYCert" ofType:@"der"];
NSData *certData = [NSData dataWithContentsOfFile:certPath];
SecCertificateRef localCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
SecKeyRef localKey = NULL;
SecTrustRef localTrust = NULL;
SecCertificateRef certRefs[1] = {localCertificate};
CFArrayRef certArray = CFArrayCreate(kCFAllocatorDefault, (void *)certRefs, 1, NULL);
SecPolicyRef policy = SecPolicyCreateBasicX509();
OSStatus status = SecTrustCreateWithCertificates(certArray, policy, &localTrust);
if (status == errSecSuccess)
localKey = SecTrustCopyPublicKey(localTrust);
CFRelease(localTrust);
CFRelease(policy);
CFRelease(certArray);
if (serverKey != NULL && localKey != NULL && [(__bridge id)serverKey isEqual:(__bridge id)localKey])
return YES;
else
return NO;
}
//DLog(@"Failed: %@",error.localizedDescription);
return NO;
}
您解决了这个问题吗?我通过在本地拥有.pem(.der)的副本并仅锁定公钥而不是整个证书来解决它。。那样的话,就算过期也没关系,汉克斯!这是一个救命稻草。回来之前别忘了释放serverKey。嘿,不客气。。。证书固定一点也不好玩!你是说add
CFRelease(serverKey)代码>在CFRelease下(certArray)代码>?请随意编辑:)
NSString *keyString = [[NSString alloc] initWithBytes:[keyData bytes] length:[keyData length] encoding:NSUTF8StringEncoding];
NSString *keyString = [NSString stringWithCharacters:[keyData bytes] length:[keyData length]];
-(BOOL)trustCertFromChallenge:(NSURLAuthenticationChallenge *)challenge
{
SecTrustResultType trustResult;
SecTrustRef trust = challenge.protectionSpace.serverTrust;
OSStatus status = SecTrustEvaluate(trust, &trustResult);
//DLog(@"Failed: %@",error.localizedDescription);
//DLog(@"Status: %li | Trust: %@ - %li",(long)status,trust,(long)trustResult);
if (status == 0 && (trustResult == kSecTrustResultUnspecified || trustResult == kSecTrustResultProceed)) {
SecKeyRef serverKey = SecTrustCopyPublicKey(trust);
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"MYCert" ofType:@"der"];
NSData *certData = [NSData dataWithContentsOfFile:certPath];
SecCertificateRef localCertificate = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)certData);
SecKeyRef localKey = NULL;
SecTrustRef localTrust = NULL;
SecCertificateRef certRefs[1] = {localCertificate};
CFArrayRef certArray = CFArrayCreate(kCFAllocatorDefault, (void *)certRefs, 1, NULL);
SecPolicyRef policy = SecPolicyCreateBasicX509();
OSStatus status = SecTrustCreateWithCertificates(certArray, policy, &localTrust);
if (status == errSecSuccess)
localKey = SecTrustCopyPublicKey(localTrust);
CFRelease(localTrust);
CFRelease(policy);
CFRelease(certArray);
if (serverKey != NULL && localKey != NULL && [(__bridge id)serverKey isEqual:(__bridge id)localKey])
return YES;
else
return NO;
}
//DLog(@"Failed: %@",error.localizedDescription);
return NO;
}