我想通过代码使用网络扩展框架连接 Vpn。
我有一个 P12 证书来进行 VPN 连接,还有一个 Root CA (Crt) 证书来验证 P12 证书。
我的问题是以编程方式验证 P12 证书。
我正在使用下面的代码连接到 VPN。
let p = NEVPNProtocolIKEv2()
p.authenticationMethod = NEVPNIKEAuthenticationMethod.None
p.useExtendedAuthentication = true
p.serverAddress = "102.xxx.xxx.xx"
p.remoteIdentifier = "102.xxx.xxx.xx"
p.disconnectOnSleep = false
p.deadPeerDetectionRate = NEVPNIKEv2DeadPeerDetectionRate.Medium
// TODO: Add an option into config page
manager.localizedDescription = "VPN On - \(title)"
if let grp = group {
p.localIdentifier = grp
} else {
p.localIdentifier = "VPN"
}
if let username = account {
p.username = username
}
if let certficiateData = certificate {
p.authenticationMethod = NEVPNIKEAuthenticationMethod.Certificate
p.serverCertificateCommonName = server
p.serverCertificateIssuerCommonName = "Root-CA"
if #available(iOSApplicationExtension 8.3, *) {
p.certificateType = NEVPNIKEv2CertificateType.RSA
} else {
// Fallback on earlier versions
}
// Here i Provide Certificate Data .
let rootCertPath = NSBundle.mainBundle().pathForResource("certificate", ofType: "p12")
let certficiateData = NSData(contentsOfFile: rootCertPath!)
// I need to verify above P12 Certificate with rootCA.crt before Passing to identityData
p.identityData = certficiateData
}
manager.enabled = true
manager.`protocol` = p