为MCSession授权证书
为MCSession授权证书
提问于 2014-04-24 03:10:27
我已经在密钥链中创建了一个自签名证书,并且我正在使用MultipeerConnectivity框架在设备之间传输数据。
当我们创建一个会话时,当我们在MCSession中邀请同级时,我们可以传递securityIdentity。
- (instancetype)initWithPeer:(MCPeerID *)myPeerID securityIdentity:(NSArray *)identity encryptionPreference:(MCEncryptionPreference)encryptionPreference;但是securityIdentity是NSArray,我们如何在NSArray中传递证书,以及如何在
- (void)session:(MCSession *)session didReceiveCertificate:(NSArray *)certificate fromPeer:(MCPeerID *)peerID certificateHandler:(void(^)(BOOL accept))certificateHandler;回答 1
Stack Overflow用户
发布于 2014-04-24 18:28:56
它是一个包含信息的数组,可以用来向其他附近的对等点标识本地对等点。
该数组包含有助于将对等体标识给其他对等体的对象。第一个是SecIdentityRef对象,它有一个SecKeyRef对象和相关的SecCertificateRef对象。(它类似于苹果开发者证书和私钥对)
数组中的其他元素可以是表示验证SecIdentityRef可能需要的中间证书的SecCertificateRef对象。
接收对等体必须验证由SecIdentityRef表示的身份。
下面是从p12文件中获取SecIdentityRef的代码
- (SecIdentityRef)getClientCertificate
{
SecIdentityRef identity = nil;
NSArray *paths = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
NSString *documentsDirectoryPath = [paths objectAtIndex:0];
NSString *myFilePath = [documentsDirectoryPath stringByAppendingPathComponent:@"cert_key_pair.p12"];
NSData *PKCS12Data = [NSData dataWithContentsOfFile:myFilePath];
CFDataRef inPKCS12Data = (__bridge CFDataRef)PKCS12Data;
CFStringRef password = CFSTR("password");
const void *keys[] = { kSecImportExportPassphrase };//kSecImportExportPassphrase };
const void *values[] = { password };
CFDictionaryRef options = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
CFArrayRef items = CFArrayCreate(NULL, 0, 0, NULL);
OSStatus securityError = SecPKCS12Import(inPKCS12Data, options, &items);
CFRelease(options);
CFRelease(password);
if (securityError == errSecSuccess) {
NSLog(@"Success opening p12 certificate. Items: %ld", CFArrayGetCount(items));
CFDictionaryRef identityDict = CFArrayGetValueAtIndex(items, 0);
identity = (SecIdentityRef)CFDictionaryGetValue(identityDict, kSecImportItemIdentity);
} else {
NSLog(@"Error opening Certificate.");
}
return identity;
}获取策略引用对象并评估信任
- (void)session:(MCSession *)session didReceiveCertificate:(NSArray *)certificate fromPeer: (MCPeerID *)peerID certificateHandler:(void (^)(BOOL accept))certificateHandler
{
SecCertificateRef myCert;
myCert = [certificate objectAtIndex:0]; // 1
SecPolicyRef myPolicy = SecPolicyCreateBasicX509(); // 2
SecCertificateRef certArray[1] = { myCert };
CFArrayRef myCerts = CFArrayCreate(
NULL, (void *)certArray,
1, NULL);
SecTrustRef myTrust;
OSStatus status = SecTrustCreateWithCertificates(
myCerts,
myPolicy,
&myTrust); // 3
SecTrustResultType trustResult;
if (status == noErr) {
status = SecTrustEvaluate(myTrust, &trustResult); // 4
}
//...
if (trustResult == kSecTrustResultConfirm || trustResult == kSecTrustResultProceed || trustResult == kSecTrustResultUnspecified) // 5
{
certificateHandler(YES);
}
// ...
if (myPolicy)
CFRelease(myPolicy);
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/23253166
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号