0

我在钥匙串中创建了一个自签名证书,并且正在使用 MultipeerConnectivity 框架在设备之间传输数据。

当我们创建会话时,我们可以在 MCSession 中邀请对等方时传递 securityIdentity。

  - (instancetype)initWithPeer:(MCPeerID *)myPeerID securityIdentity:(NSArray *)identity encryptionPreference:(MCEncryptionPreference)encryptionPreference;

但是 securityIdentity 是 NSArray,我们如何在 NSArray 中传递证书以及如何在其中进行身份验证

- (void)session:(MCSession *)session didReceiveCertificate:(NSArray *)certificate fromPeer:(MCPeerID *)peerID certificateHandler:(void(^)(BOOL accept))certificateHandler;
4

1 回答 1

3

它是一个包含信息的数组,可用于将本地对等点识别为其他附近对等点。

该数组包含有助于向其他人识别对等方的对象。第一个是具有 SecKeyRef 对象和相关 SecCertificateRef 对象的 SecIdentityRef 对象。(类似于苹果开发者证书和私钥对)

数组中的其他元素可以是 SecCertificateRef 对象,表示验证 SecIdentityRef 可能需要的中间证书。

接收对等方必须验证 SecIdentityRef 表示的身份。

下面是从 p12 文件中获取 SecIdentityRef 的代码

- (SecIdentityRef)getClientCertificate 
{
    SecIdentityRef identity = nil;
    NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
    NSString *documentsDirectoryPath = [paths objectAtIndex:0];
    NSString *myFilePath = [documentsDirectoryPath stringByAppendingPathComponent:@"cert_key_pair.p12"]; 
    NSData *PKCS12Data = [NSData dataWithContentsOfFile:myFilePath];

    CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data;
    CFStringRef password = CFSTR("password");
    const void *keys[] = { kSecImportExportPassphrase };//kSecImportExportPassphrase };
    const void *values[] = { password };
    CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
    CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
    OSStatus securityError = SecPKCS12Import(inPKCS12Data, options, &items);
    CFRelease(options);
    CFRelease(password);
    if (securityError == errSecSuccess) {
        NSLog(@"Success opening p12 certificate. Items: %ld", CFArrayGetCount(items));
        CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
        identity = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
    } else {
        NSLog(@"Error opening Certificate.");
    }

    return identity;
}

获取策略引用对象并评估信任

- (void)session:(MCSession *)session didReceiveCertificate:(NSArray *)certificate fromPeer:     (MCPeerID *)peerID certificateHandler:(void (^)(BOOL accept))certificateHandler
{ 
    SecCertificateRef myCert;
    myCert = [certificate objectAtIndex:0];    // 1

    SecPolicyRef myPolicy = SecPolicyCreateBasicX509();         // 2

    SecCertificateRef certArray[1] = { myCert };
    CFArrayRef myCerts = CFArrayCreate(
                                   NULL, (void *)certArray,
                                   1, NULL);
    SecTrustRef myTrust;
    OSStatus status = SecTrustCreateWithCertificates(
                                                myCerts,
                                                myPolicy,
                                                &myTrust);  // 3

    SecTrustResultType trustResult;
    if (status == noErr) {
        status = SecTrustEvaluate(myTrust, &trustResult);       // 4
    }
    //...                                                             
    if (trustResult == kSecTrustResultConfirm || trustResult == kSecTrustResultProceed || trustResult == kSecTrustResultUnspecified)                           // 5
    {
        certificateHandler(YES);
    }

    // ...
    if (myPolicy)
    CFRelease(myPolicy);  
}
于 2014-04-24T10:28:56.497 回答