1

我有支持 NSURLConnection 的 UIWebView。我想添加证书。当我想从证书中提取身份和信任时,OSStatus 返回错误 -26275。你有什么想法如何使它正确吗?这是代码:

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
NSError *error = nil;
NSString *path = [[NSBundle mainBundle] pathForResource:[@"xxxx.pem" stringByDeletingPathExtension] ofType:[@"xxxx.pem" pathExtension]];
NSData *certData = [[NSData alloc] initWithContentsOfFile:path options:0 error:&error];
CFDataRef inP12data = (__bridge CFDataRef)certData;
SecIdentityRef identity;
SecTrustRef trust;


OSStatus status = extractIdentityAndTrust(inP12data, &identity, &trust);
NSLog(@"status %d", (int)status);
if(status == errSecSuccess) {
    SecCertificateRef certificate;
    SecIdentityCopyCertificate(identity, &certificate);
    const void *certs[] = { certificate };
    CFArrayRef certsArray = CFArrayCreate(NULL, certs, 1, NULL);
    NSArray *certificatesForCredential = (__bridge NSArray *)certsArray;
    NSURLCredential *credential = [NSURLCredential credentialWithIdentity:identity
                                                             certificates:certificatesForCredential
                                                              persistence:NSURLCredentialPersistencePermanent];
    [challenge.sender useCredential:credential forAuthenticationChallenge:challenge];
    CFRelease(identity);
    CFRelease(certificate);
    CFRelease(certsArray);
}
else {
    [challenge.sender cancelAuthenticationChallenge:challenge];
}


}

和 extractIdentityAndTrust 函数:

OSStatus extractIdentityAndTrust(CFDataRef inPKCS12Data, SecIdentityRef *identity, SecTrustRef *trust){
OSStatus securityError = errSecSuccess;


CFStringRef password = CFSTR("XXXXX");
const void *keys[] =   { kSecImportExportPassphrase };
const void *values[] = { password };
CFDictionaryRef optionsDictionary = CFDictionaryCreate(
                                                       NULL, keys,
                                                       values, 1,
                                                       NULL, NULL);
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
securityError = SecPKCS12Import(inPKCS12Data,
                                optionsDictionary,
                                &items);

if (securityError == 0) {
    CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex (items, 0);
    const void *tempIdentity = NULL;
    tempIdentity = CFDictionaryGetValue (myIdentityAndTrust,
                                         kSecImportItemIdentity);
    *identity = (SecIdentityRef)tempIdentity;
    const void *tempTrust = NULL;
    tempTrust = CFDictionaryGetValue (myIdentityAndTrust, kSecImportItemTrust);
    *trust = (SecTrustRef)tempTrust;
}

if (optionsDictionary) {
    CFRelease(optionsDictionary);
}

return securityError;
}
4

1 回答 1

0

这是证书的问题。我在 Organizer -> devices -> current device -> Console 中查看了控制台,我看到:

Could not load download manifest with underlying error: Error Domain=NSURLErrorDomain Code=-1202 "Cannot connect to the Store"

我刚刚安装了证书,一切正常。就是这样:

NSString *rootCertPath = [[NSBundle mainBundle] pathForResource:@"XXXXX" ofType:@"pem"];
NSData *rootCertData = [NSData dataWithContentsOfFile:rootCertPath];

OSStatus err = noErr;
SecCertificateRef rootCert = SecCertificateCreateWithData(kCFAllocatorDefault, (CFDataRef) rootCertData);

CFTypeRef result;

NSDictionary* dict = [NSDictionary dictionaryWithObjectsAndKeys:
(id)kSecClassCertificate, kSecClass,
rootCert, kSecValueRef,
nil];

err = SecItemAdd((CFDictionaryRef)dict, &result);

if( err == noErr) {
    NSLog(@"Install root certificate success");
} else if( err == errSecDuplicateItem ) {
    NSLog(@"duplicate root certificate entry");
} else {
    NSLog(@"install root certificate failure");
}
于 2014-01-09T13:58:04.960 回答