iPhone development: verify the certificate information from a https url

Tags: iphone objective-c ios security

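When a user connects to an "https url", for example "https://encrypted.google.com", using a web browser (Safari, Chrome, etc.), the user can get information about the certificate related to that "https url"; that is, when connecting to the url "https://encrypted.google.com", it is possible to verify the following certificate information:

  1. Equifax Secure Certificate Authority
  2. *.google.com Issued by: Google Internet Authority. Expiration date of the certificate. Whether the certificate is valid or not
  3. More details about the certificate, such as the signature algorithm, public key info, fingerprints, etc.

So, the question is: "What are the proper Objective C function calls to get the above information (or at least to know whether the certificate is valid)?"

Thanks in advance

Best answer

The certificate information can be obtained using the NSURLConnection delegate methods: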

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge

That is:

#import <Security/Security.h>

- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
    // Only server-trust (TLS certificate) challenges are handled by this delegate.
    BOOL result = [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
    NSLog(@"<%p %@: %s line:%d> Result:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (result == YES) ? "YES" : "NO");
    return result;
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSArray *trustedHosts = [NSArray arrayWithObject:@"encrypted.google.com"];
    BOOL isAuthMethodServerTrust = [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
    NSLog(@"<%p %@: %s line:%d> Result:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (isAuthMethodServerTrust == YES) ? "YES" : "NO");
    if (isAuthMethodServerTrust)
    {
        if ([trustedHosts containsObject:challenge.protectionSpace.host])
        {
            NSLog(@"<%p %@: %s line:%d> trustedHosts containsObject:challenge.protectionSpace.host", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__);
            SecTrustRef trustRef = [[challenge protectionSpace] serverTrust];

            // Evaluate the chain before accepting it: credentialForTrust: accepts
            // whatever trust object it is given, valid or not.
            SecTrustResultType trustResult = kSecTrustResultInvalid;
            OSStatus status = SecTrustEvaluate(trustRef, &trustResult);
            BOOL isValid = (status == errSecSuccess) &&
                (trustResult == kSecTrustResultProceed || trustResult == kSecTrustResultUnspecified);
            NSLog(@"<%p %@: %s line:%d> Certificate chain valid:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, isValid ? "YES" : "NO");

            //Code to verify certificate info
            CFIndex count = SecTrustGetCertificateCount(trustRef);

            for (CFIndex i = 0; i < count; i++)
            {
                // Index 0 is the server (leaf) certificate; the reference is not owned.
                SecCertificateRef certRef = SecTrustGetCertificateAtIndex(trustRef, i);
                CFStringRef certSummary = SecCertificateCopySubjectSummary(certRef);
                CFDataRef certData = SecCertificateCopyData(certRef); // DER-encoded X.509
                NSLog(@"<%p %@: %s line:%d> Certificate summary:%@", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (NSString *) certSummary);
                NSLog(@"<%p %@: %s line:%d> Certificate data:%@", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (NSData *) certData);
                if (certSummary) CFRelease(certSummary); // Copy functions return owned objects
                if (certData) CFRelease(certData);
            }

            if (isValid)
            {
                NSURLCredential *urlCredential = [NSURLCredential credentialForTrust:trustRef];
                NSLog(@"<%p %@: %s line:%d> Url credential", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__);
                [challenge.sender useCredential:urlCredential forAuthenticationChallenge:challenge];
            }
            else
            {
                [challenge.sender cancelAuthenticationChallenge:challenge];
            }
        }
    }
}

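This code gives you the following information related to "https://encrypted.google.com": in the "certSummary" NSString, the issuer of the certificate; in "certData", the data of the certificate. The problem is that currently I don't know how to extract information (expiration date, public key...) from such data, so any help is welcome.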
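One way to get the validity, fingerprint and public-key items from the question's list out of the `serverTrust` object, as an added example that is not part of the original answer. The helper names `CertFingerprintSHA256` and `InspectServerTrust` are hypothetical, ARC is assumed for the `__bridge` cast, and the expiration date is not covered here.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

// Hypothetical helper: hex SHA-256 fingerprint of a certificate's DER bytes,
// the same value a browser shows as the certificate "fingerprint".
static NSString *CertFingerprintSHA256(SecCertificateRef cert) {
    CFDataRef der = SecCertificateCopyData(cert);
    if (der == NULL) return nil;
    unsigned char digest[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256(CFDataGetBytePtr(der), (CC_LONG)CFDataGetLength(der), digest);
    CFRelease(der);
    NSMutableString *hex = [NSMutableString stringWithCapacity:CC_SHA256_DIGEST_LENGTH * 2];
    for (size_t i = 0; i < CC_SHA256_DIGEST_LENGTH; i++) {
        [hex appendFormat:@"%02x", digest[i]];
    }
    return hex;
}

// Hypothetical helper: evaluates the chain, logs each certificate's subject and
// fingerprint, and returns YES only if the system trusts the chain for this host.
static BOOL InspectServerTrust(SecTrustRef trust) {
    SecTrustResultType result = kSecTrustResultInvalid;
    OSStatus status = SecTrustEvaluate(trust, &result);
    BOOL valid = (status == errSecSuccess) &&
        (result == kSecTrustResultProceed || result == kSecTrustResultUnspecified);
    NSLog(@"Chain valid: %@", valid ? @"YES" : @"NO");

    CFIndex count = SecTrustGetCertificateCount(trust);
    for (CFIndex i = 0; i < count; i++) {
        SecCertificateRef cert = SecTrustGetCertificateAtIndex(trust, i); // not owned
        CFStringRef summary = SecCertificateCopySubjectSummary(cert);
        NSLog(@"[%ld] subject: %@ sha256: %@", (long)i,
              (__bridge NSString *)summary, CertFingerprintSHA256(cert));
        if (summary) CFRelease(summary);
    }

    // The leaf public key is only available after the trust has been evaluated.
    SecKeyRef leafKey = SecTrustCopyPublicKey(trust);
    if (leafKey) {
        NSLog(@"Leaf public key block size: %zu bytes", SecKeyGetBlockSize(leafKey));
        CFRelease(leafKey);
    }
    return valid;
}
```

Call `InspectServerTrust(challenge.protectionSpace.serverTrust)` from the authentication-challenge delegate method and accept the credential only when it returns YES.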

Regarding "iPhone development: verify the certificate information from a https url", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/6402442/
