
Store & access x509 certificate in iPhone's keychain

Can a 3rd party application access iPhone's keychain in order to add an X509 certificate to it? If yes, how can it be done?
If not, can it access the keychain just to read certificates from it?

Basically, what I need is:
1) My application needs to access an https site which uses a certificate not signed by any trusted CA. When trying to connect via https, I get an exception.
2) It would be great if I could programmatically add the root's certificate to the keychain; it would be sufficient if the user could access the site via Safari, accept its certificate, and then access the site using my application.

So far, I've been using the following interface to surpass https:

@interface NSURLRequest (DummyInterface)
+ (BOOL)allowsAnyHTTPSCertificateForHost:(NSString*)host;
+ (void)setAllowsAnyHTTPSCertificate:(BOOL)allow forHost:(NSString*)host;
@end

but this is not exactly what I want.

Any suggestions?

This Apple document should document enough stuff to permit adding a self-signed certificate (or a self-signed certificate authority) into the keychain, and make it trusted. I didn't test it, though.

See also the top answer on this question. It, however, doesn't seem to actually verify the validity of the certificate. Cocoanetics has also documented how to use NSURLConnection with self-signed certificates, and similarly also doesn't seem to verify the validity.

So, you almost certainly want to follow Apple's instructions. The "Extracting and Evaluating an Identity From a *.P12 file" section appears to contain a complete example on how to import a certificate, even one protected with a passphrase.

Combine that with "AdvancedURLConnections" sample code and the ServerTrustChallengeHandler class and you should be good to go.


Here's also a more complete example by Vanja Komadinović.
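
The validation that the answer above says the linked workarounds skip, as an added example that is not part of the original answer or of Apple's sample code: an NSURLSession delegate (used here in place of NSURLConnection) that trusts only a root CA shipped in the app bundle while still evaluating chain, hostname and expiry. The resource name `my-root-ca.der` and the class name `PinnedRootDelegate` are assumptions; `SecTrustEvaluateWithError` requires iOS 12 or later.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Added example. "my-root-ca.der" is a hypothetical bundle resource holding
// the DER-encoded root certificate that signed the server's certificate.
@interface PinnedRootDelegate : NSObject <NSURLSessionDelegate>
@end

@implementation PinnedRootDelegate

- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler
{
    NSURLProtectionSpace *space = challenge.protectionSpace;
    // Only server-trust challenges are handled here; everything else is default.
    if (![space.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]) {
        completionHandler(NSURLSessionAuthChallengePerformDefaultHandling, nil);
        return;
    }

    NSString *path = [[NSBundle mainBundle] pathForResource:@"my-root-ca" ofType:@"der"];
    NSData *der = path ? [NSData dataWithContentsOfFile:path] : nil;
    SecCertificateRef root = der ? SecCertificateCreateWithData(NULL, (__bridge CFDataRef)der) : NULL;
    if (root == NULL) {
        // Fail closed if the bundled root is missing or not valid DER.
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }

    // serverTrust already carries the SSL policy for this host, so evaluation
    // checks hostname and validity dates in addition to the chain.
    SecTrustRef trust = space.serverTrust;
    NSArray *anchors = @[(__bridge id)root];
    OSStatus status = SecTrustSetAnchorCertificates(trust, (__bridge CFArrayRef)anchors);
    if (status == errSecSuccess) {
        // Accept chains ending in our root only, not the system trust store.
        status = SecTrustSetAnchorCertificatesOnly(trust, true);
    }
    CFRelease(root);

    CFErrorRef error = NULL;
    BOOL trusted = (status == errSecSuccess) && SecTrustEvaluateWithError(trust, &error);
    if (error) CFRelease(error);

    completionHandler(trusted ? NSURLSessionAuthChallengeUseCredential
                              : NSURLSessionAuthChallengeCancelAuthenticationChallenge,
                      trusted ? [NSURLCredential credentialForTrust:trust] : nil);
}
@end
```

Unlike the `allowsAnyHTTPSCertificateForHost:` category in the question, this rejects any certificate that does not chain to the bundled root.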
