
我正在尝试将证书添加到钥匙串。我看到过几篇从文件创建证书的帖子,但我想从 NSString 创建证书。

我的 NSString 是 RSA、Base64 编码的内容,如下所示:

-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIJAL8qgXMVVVhPMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAkJSMRIw
...
FT70at8bty9ocDaXuI3j6mfw2SI=
-----END CERTIFICATE-----

我正在尝试做这样的事情:

/// Builds the base keychain dictionary for a certificate item tagged with `identifier`.
///
/// The identifier's UTF-8 bytes are stored under both kSecAttrGeneric and kSecAttrAccount,
/// and SERVICE_NAME (defined elsewhere in the project) under kSecAttrService.
///
/// NOTE(review): kSecAttrGeneric, kSecAttrAccount and kSecAttrService are documented for
/// password items; for kSecClassCertificate the documented identifying attribute is
/// kSecAttrLabel. Confirm SecItemAdd / SecItemCopyMatching accept this combination.
///
/// @param identifier Caller-chosen name for the item. A nil identifier makes
///                   -setObject:forKey: raise, because the encoded data is nil.
/// @return A new mutable dictionary the caller can extend (e.g. with kSecValueRef).
+ (NSMutableDictionary *)newSearchDictionary:(NSString *)identifier {
    NSMutableDictionary *query = [[NSMutableDictionary alloc] init];
    [query setObject:(__bridge id)kSecClassCertificate forKey:(__bridge id)kSecClass];

    // One encoding of the identifier is shared by both attributes.
    NSData *identifierBytes = [identifier dataUsingEncoding:NSUTF8StringEncoding];
    [query setObject:identifierBytes forKey:(__bridge id)kSecAttrGeneric];
    [query setObject:identifierBytes forKey:(__bridge id)kSecAttrAccount];

    [query setObject:SERVICE_NAME forKey:(__bridge id)kSecAttrService];

    return query;
}


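/// Adds a certificate, supplied as PEM text, to the keychain under `identifier`.
///
/// SecCertificateCreateWithData accepts only DER-encoded X.509 and returns NULL for anything
/// else. Handing it the UTF-8 bytes of the PEM text therefore always failed, and the NULL
/// result then crashed in -setObject:forKey: and CFRelease. The PEM body is now decoded to
/// DER first and every failure path returns NO.
///
/// A successful parse says nothing about who issued the certificate: callers that received
/// the PEM from an untrusted source must validate it before relying on the stored item.
///
/// @param certificado PEM text ("-----BEGIN CERTIFICATE-----" ... "-----END CERTIFICATE-----")
///                    or the bare Base64 body without the marker lines.
/// @param identifier  Name passed to +newSearchDictionary: to tag the keychain item.
/// @return YES only when SecItemAdd reports errSecSuccess; NO for empty or undecodable input,
///         data that is not a certificate, or any other SecItemAdd status (including an
///         already-existing item).
+ (BOOL)createKeychainValue:(NSString *)certificado forIdentifier:(NSString *)identifier {
    if (certificado.length == 0 || identifier == nil) {
        return NO;
    }

    // PEM is the DER bytes, Base64-encoded between two marker lines. The marker text itself
    // consists of valid Base64 characters, so it has to be cut away rather than "ignored".
    NSString *base64Body = certificado;
    NSRange beginMarker = [certificado rangeOfString:@"-----BEGIN CERTIFICATE-----"];
    NSRange endMarker = [certificado rangeOfString:@"-----END CERTIFICATE-----"];
    if (beginMarker.location != NSNotFound && endMarker.location != NSNotFound) {
        NSUInteger bodyStart = NSMaxRange(beginMarker);
        if (endMarker.location < bodyStart) {
            return NO;
        }
        base64Body = [certificado substringWithRange:NSMakeRange(bodyStart,
                                                                 endMarker.location - bodyStart)];
    }

    // Line breaks inside the body are skipped by the decoder (API needs iOS 7 / OS X 10.9).
    NSData *derData =
        [[NSData alloc] initWithBase64EncodedString:base64Body
                                            options:NSDataBase64DecodingIgnoreUnknownCharacters];
    if (derData.length == 0) {
        return NO;
    }

    SecCertificateRef cert = SecCertificateCreateWithData(NULL, (__bridge CFDataRef)derData);
    if (cert == NULL) {
        // Decoded bytes are not a DER X.509 certificate.
        return NO;
    }

    NSMutableDictionary *dictionary = [self newSearchDictionary:identifier];
    [dictionary setObject:(__bridge id)cert forKey:(__bridge id<NSCopying>)kSecValueRef];

    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)dictionary, NULL);

    // The dictionary retains the certificate while it lives; drop the Create-rule reference.
    CFRelease(cert);

    return status == errSecSuccess;
}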

但是返回的证书(cert)为 nil。可能是因为我的证书是 PEM 格式,而这里需要 DER 格式。我该如何转换?我的项目中使用了 openssl。


2 回答 2


下面这个函数对我有效,用它转换出的数据可以成功创建 SecCertificateRef:

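/// Converts a PEM-encoded X.509 certificate to its DER encoding using OpenSSL.
///
/// Changes from the earlier version: both BIOs, the X509 object and the calloc'd buffer were
/// leaked; a nil string reached strlen(); a PEM parse failure passed NULL on to the encoder;
/// and a failed BIO_read produced a negative length for NSData. Every OpenSSL object is now
/// released and every failure returns nil.
///
/// @param pem PEM text containing a "-----BEGIN CERTIFICATE-----" block.
/// @return The DER bytes, suitable for SecCertificateCreateWithData, or nil when the input is
///         nil, empty, or does not parse as a certificate.
+ (NSData *)derFromPem:(NSString *)pem {
    const char *pemBytes = [pem UTF8String];
    if (pemBytes == NULL) {
        return nil;
    }
    size_t pemLength = strlen(pemBytes);
    if (pemLength == 0 || pemLength > INT_MAX) {
        // BIO_write takes an int length.
        return nil;
    }

    BIO *certBio = BIO_new(BIO_s_mem());
    if (certBio == NULL) {
        return nil;
    }

    NSData *der = nil;
    if (BIO_write(certBio, pemBytes, (int)pemLength) == (int)pemLength) {
        // Returns NULL when the text is not a well-formed PEM certificate.
        X509 *x = PEM_read_bio_X509(certBio, NULL, NULL, NULL);
        if (x != NULL) {
            // First call reports the encoded size, second call writes into our own buffer,
            // so no OpenSSL-owned memory has to be tracked.
            int derLength = i2d_X509(x, NULL);
            if (derLength > 0) {
                NSMutableData *buffer = [NSMutableData dataWithLength:(NSUInteger)derLength];
                unsigned char *cursor = buffer.mutableBytes;
                if (i2d_X509(x, &cursor) == derLength) {
                    der = buffer;
                }
            }
            X509_free(x);
        }
    }

    BIO_free(certBio);
    return der;
}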
于 2013-10-28T17:36:04.807 回答

将 RSA 公钥从 PEM 转换为 DER:

更新

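/// Converts a PEM-encoded RSA public key to its DER encoding using OpenSSL.
///
/// PEM_read_bio_RSAPublicKey reads the PKCS#1 form ("-----BEGIN RSA PUBLIC KEY-----"). A
/// "-----BEGIN CERTIFICATE-----" block does not parse here and yields nil; for certificates
/// use the X509 calls named in the comments below instead.
///
/// Changes from the earlier version: `rsa` was passed by address while uninitialised, which
/// makes OpenSSL treat the garbage pointer as an object to reuse; the malloc result and the
/// second i2d call were unchecked.
///
/// @param pem PEM text of the key.
/// @return The DER bytes, or nil when the input is nil/empty or cannot be parsed or encoded.
- (NSData *)derFromPem:(NSString *)pem
{
    if (pem.length == 0) {
        return nil;
    }

    const char *pem_str = [pem UTF8String];
    if (pem_str == NULL) {
        return nil;
    }
    size_t pem_len = strlen(pem_str);
    if (pem_len > INT_MAX) {
        // BIO_new_mem_buf takes an int length.
        return nil;
    }

    // Read-only memory BIO over the string; the cast covers OpenSSL versions whose
    // prototype takes a non-const pointer.
    BIO *bio = BIO_new_mem_buf((void *)pem_str, (int)pem_len);
    if (bio == NULL) {
        return nil;
    }

    NSData *result = nil;

    // Pass NULL for the reuse slot so OpenSSL allocates a fresh object.
    RSA *rsa = PEM_read_bio_RSAPublicKey(bio, NULL, NULL, NULL);
    // Certificate variant: X509 *x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);

    if (rsa != NULL) {
        // First call only measures. Certificate variant: i2d_X509(x509, NULL).
        int len = i2d_RSAPublicKey(rsa, NULL);

        if (len > 0) {
            NSMutableData *der = [NSMutableData dataWithLength:(NSUInteger)len];
            // i2d advances the pointer it is given, so hand it a scratch cursor.
            unsigned char *cursor = der.mutableBytes;
            if (i2d_RSAPublicKey(rsa, &cursor) == len) {
                result = der;
            }
        }

        RSA_free(rsa);
        // Certificate variant: X509_free(x509);
    }

    BIO_free(bio);

    return result;
}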
于 2013-10-25T04:59:50.133 回答