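iPhone development: validating the certificate information from an https URL
When a user connects with a web browser (Safari, Chrome, …) to an "https URL" (for example "https://encrypted.google.com"), the user can obtain information about the certificate associated with such an "https URL"; that is, when connecting to the URL "https://encrypted.google.com", the following certificate information can be verified:
- Equifax Secure Certificate Authority
- *.google.com Issued by: Google Internet Authority. Expiration date of the certificate. Whether the certificate is valid or not
- More details about the certificate, such as the signature algorithm, public key info, fingerprints, etc.
So the question is: "What are the proper Objective-C function calls in order to get the above information (or at least to know whether the certificate is valid)?"
Thanks in advance,
Certificate information can be obtained using the NSURLConnection delegate methods: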
```objc
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace;
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge;
```
That is:
```objc
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
{
    // Only server-trust (TLS certificate) challenges are handled by this delegate.
    BOOL result = [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
    NSLog(@"<%p %@: %s line:%d> Result:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (result == YES) ? "YES" : "NO");
    return result;
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
{
    NSArray *trustedHosts = [NSArray arrayWithObject:@"encrypted.google.com"];
    BOOL isAuthMethodServerTrust = [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
    NSLog(@"<%p %@: %s line:%d> Result:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (isAuthMethodServerTrust == YES) ? "YES" : "NO");
    if (isAuthMethodServerTrust)
    {
        if ([trustedHosts containsObject:challenge.protectionSpace.host])
        {
            NSLog(@"<%p %@: %s line:%d> trustedHosts containsObject:challenge.protectionSpace.host", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__);
            // credentialForTrust: accepts the presented chain as is; nothing in this
            // method evaluates it (for example with SecTrustEvaluate) before it is used.
            NSURLCredential *urlCredential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
            NSLog(@"<%p %@: %s line:%d> Url credential", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__);
            [challenge.sender useCredential:urlCredential forAuthenticationChallenge:challenge];

            // Code to verify certificate info
            SecTrustRef trustRef = [[challenge protectionSpace] serverTrust];
            CFIndex count = SecTrustGetCertificateCount(trustRef);
            for (CFIndex i = 0; i < count; i++)
            {
                // Index 0 is the server (leaf) certificate; the reference is not owned by us.
                SecCertificateRef certRef = SecTrustGetCertificateAtIndex(trustRef, i);
                CFStringRef certSummary = SecCertificateCopySubjectSummary(certRef);
                CFDataRef certData = SecCertificateCopyData(certRef); // DER-encoded X.509 bytes
                NSLog(@"<%p %@: %s line:%d> Certificate summary:%@", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (NSString *)certSummary);
                NSLog(@"<%p %@: %s line:%d> Certificate data:%@", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (NSData *)certData);
                // Both objects come from Copy functions, so both must be released.
                if (certSummary) CFRelease(certSummary);
                CFRelease(certData);
            }
        }
    }
}
```
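This code gives you the following information related to "https://encrypted.google.com": in the "certSummary" NSString, the issuer of the certificate; in "certData", the data of the certificate. The problem is that currently I don't know how to extract information from such data (expiration date, public key, …), so any help will be welcome.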
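The bytes returned by SecCertificateCopyData are the DER encoding of the X.509 certificate, so the expiration date can be read by walking the ASN.1 structure down to the validity field. The following is an added example, not part of the original answer: it is plain C so it can be compiled into an Objective-C target and called as `cert_not_after(CFDataGetBytePtr(certData), (size_t)CFDataGetLength(certData), buf, sizeof buf)`. The names `der_tlv`, `der_skip`, `cert_not_after` and `SAMPLE_CERT` are hypothetical, and the sample bytes are a constructed skeleton rather than a real certificate.

```c
#include <stddef.h>
#include <string.h>

/* Read one DER header in [p, end); return a pointer to the value, or NULL if malformed. */
static const unsigned char *der_tlv(const unsigned char *p, const unsigned char *end,
                                    unsigned *tag, size_t *len) {
    if (end - p < 2) return NULL;
    *tag = *p++;
    size_t n = *p++;
    if (n & 0x80) {                          /* long form: low 7 bits count the length bytes */
        size_t k = n & 0x7f;
        if (k == 0 || k > sizeof n || (size_t)(end - p) < k) return NULL;
        for (n = 0; k > 0; k--) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return NULL;  /* value must fit inside the buffer */
    *len = n;
    return p;
}

/* Step over one element that must carry tag `want`; NULL on mismatch or bad input. */
static const unsigned char *der_skip(const unsigned char *p, const unsigned char *end, unsigned want) {
    unsigned tag; size_t len;
    const unsigned char *v = p ? der_tlv(p, end, &tag, &len) : NULL;
    return (v && tag == want) ? v + len : NULL;
}

/* Copy the notAfter text (UTCTime or GeneralizedTime) into out. 0 on success, -1 on error. */
int cert_not_after(const unsigned char *der, size_t der_len, char *out, size_t out_sz) {
    const unsigned char *end = der + der_len, *p, *v;
    unsigned tag; size_t len;
    if (!(p = der_tlv(der, end, &tag, &len)) || tag != 0x30) return -1;     /* Certificate */
    end = p + len;
    if (!(p = der_tlv(p, end, &tag, &len)) || tag != 0x30) return -1;       /* TBSCertificate */
    end = p + len;
    if (end - p > 0 && *p == 0xA0) p = der_skip(p, end, 0xA0);              /* optional [0] version */
    p = der_skip(p, end, 0x02);                                             /* serialNumber */
    p = der_skip(p, end, 0x30);                                             /* signature algorithm */
    p = der_skip(p, end, 0x30);                                             /* issuer */
    if (!p || !(p = der_tlv(p, end, &tag, &len)) || tag != 0x30) return -1; /* validity */
    end = p + len;
    if (!(v = der_tlv(p, end, &tag, &len))) return -1;                      /* notBefore */
    if (!(v = der_tlv(v + len, end, &tag, &len))) return -1;                /* notAfter */
    if ((tag != 0x17 && tag != 0x18) || len >= out_sz) return -1;
    memcpy(out, v, len);
    out[len] = '\0';
    return 0;
}

/* Constructed 48-byte skeleton (not a real certificate): v3, serial 1, empty algorithm and issuer. */
static const unsigned char SAMPLE_CERT[] =
    "\x30\x2E\x30\x2C\xA0\x03\x02\x01\x02\x02\x01\x01\x30\x00\x30\x00\x30\x1E"
    "\x17\x0D" "240101000000Z" "\x17\x0D" "250101000000Z";
```

The returned string is `YYMMDDHHMMSSZ` for UTCTime (tag 0x17) and `YYYYMMDDHHMMSSZ` for GeneralizedTime (tag 0x18); reading the expiry this way does not by itself say whether the chain is trusted.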