GCDAsyncSocket双向认证

Question

我使用GCD AsyncSocket创建客户端应用程序，以连接到服务器，java通过SSLServer套接字创建，并带有自签名证书。通过单向身份验证，我可以很好地插入SSL套接字和通信。但是使用双向身份验证，我不知道如何实现它。在iOS客户端，我将拥有一个客户端的证书，服务器将在此证书的基础上信任客户机。我也能很好地从.p12文件中读取证书。感谢任何建议。

Answer 1

经过了很多幸运的过程。它已经解决了。在本教程中，使用服务器、andoird和client :具有双向身份验证的http://www.herongyang.com/JDK/SSL-Client-Authentication.html。服务器将需要客户端证书。您可以在didConnectToHost委托中调用它。NSMutableDictionary *sslSettings = [NSMutableDictionary alloc init]；

    SecIdentityRef identityout; // You can get SecIdentityRef object from *.p12 keystore file. SSL Socket Server will authentication client base on this certificate. At server side, we will add client's certificate to trust manager.

    [sslSettings setObject:@0 forKey:GCDAsyncSocketSSLProtocolVersionMax];
    [sslSettings setObject:@YES forKey:GCDAsyncSocketManuallyEvaluateTrust]; // This will call a delegate method socket:(GCDAsyncSocket *)sock didReceiveTrust: ...
    [sslSettings setObject:[[NSArray alloc] initWithObjects:(__bridge id)(identityout), nil] forKey:GCDAsyncSocketSSLCertificates];        
    [self.asyncSocket startTLS:sslSettings];

在didReceiveTrust：(SecTrustRef)信任completionHandler:(void (^)(BOOL))completionHandler。客户端将验证服务器的证书手册。您可以使用以下代码获得服务器证书：SecCertificateRef serverCertificate = SecTrustGetCertificateAtIndex(trust, 0);

使用自签名证书，必须将服务器证书添加到密钥链中，并使用SecTrustEvaluate方法检查服务器证书。或者您可以比较服务器证书并以这种方式保存：

SecCertificateRef serverCertificate = SecTrustGetCertificateAtIndex(trust, 0); SecCertificateRef savedCertificate = SecTrustGetCertificateAtIndex(self.saveServerTrust, 0);
    NSLog(@"Server's certificate subject: %@",summaryString);
    NSLog(@"Saved certificate subject: %@",summaryString1);


    if(nil == serverCertificate || nil == savedCertificate)
        NSLog(@"Faile");

CFDataRef serverCertificateData = SecCertificateCopyData(serverCertificate);
CFDataRef saveCertificateData = SecCertificateCopyData(savedCertificate);

const UInt8* const serverData = CFDataGetBytePtr(serverCertificateData);
const CFIndex serverDataSize = CFDataGetLength(serverCertificateData);
NSData* cert1 = [NSData dataWithBytes:serverData length:(NSUInteger)serverDataSize];

const UInt8* const SaveCertificateData = CFDataGetBytePtr(saveCertificateData);
const CFIndex SaveCertificateDataSize = CFDataGetLength(serverCertificateData);
NSData* cert2= [NSData dataWithBytes:SaveCertificateData length:(NSUInteger)SaveCertificateDataSize];

if (cert1 == nil || cert2 == nil) {
    NSLog(@"Certificate NULL");
    completionHandler(NO);
    return;
}

const BOOL equal = [cert1 isEqualToData:cert2];

if (equal) {

    NSLog(@"Certificate match");
    completionHandler(YES);
}
else{
    NSLog(@"Certificate not match");
    completionHandler(NO);
}`