buhao posted on 2017-2-10 13:07:46

Configuring Tomcat HTTPS with one-way and two-way authentication, iOS encryption and decryption verification, and accessing HTTPS from iOS

// The bracketed Objective-C expressions on these lines were lost in extraction; they are restored here from the ASIHTTPRequest API, and the URL is a placeholder.
NSURL *url = [NSURL URLWithString:@"https://<your-tomcat-host>/<path>"];
ASIFormDataRequest *request = [ASIFormDataRequest requestWithURL:url];
[request setValidatesSecureCertificate:NO]; // set to NO if you use the self-signed certificate
If you leave certificate validation enabled at this point, the request fails with the following error: A connection failure occurred: SSL problem (Possible causes may include a bad/expired/self-signed certificate, clock set to wrong date)

Our certificate is self-signed, and Apple's message explicitly lists a self-signed certificate as a possible cause, which is why the connection fails.
   
SecIdentityRef identity = NULL;
SecTrustRef trust = NULL;
//    SecCertificateRef myReturnedCertificate = NULL;
// The bracketed expressions below were lost in extraction and are restored from the Foundation and ASIHTTPRequest APIs.
NSData *PKCS12Data = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"]];
//    NSLog(@"%@",[[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"]);
[[self class] extractIdentity:&identity andTrust:&trust fromPKCS12Data:PKCS12Data];
[request setClientCertificateIdentity:identity];
//    status = SecIdentityCopyCertificate (identity,&myReturnedCertificate);
//    [request setClientCertificates:[NSArray arrayWithObject:(id)myReturnedCertificate]];

[request startSynchronous];
NSError *error = [request error];

if (!error) {
    //do something
}
......
}

The idea is to read the p12 file, export the certificate content and its private key from it (as an identity), attach that identity to the request, and then call startSynchronous.
+ (BOOL)extractIdentity:(SecIdentityRef *)outIdentity andTrust:(SecTrustRef *)outTrust fromPKCS12Data:(NSData *)inPKCS12Data
{
    OSStatus securityError = errSecSuccess;
    //NSDictionary *optionsDictionary = ;
    CFStringRef password = CFSTR("1234"); // passphrase of the .p12 file
    const void *keys[] =   { kSecImportExportPassphrase };
    const void *values[] = { password };
    CFDictionaryRef optionsDictionary = CFDictionaryCreate(NULL, keys, values, 1, NULL, NULL);
    CFArrayRef items = NULL; // SecPKCS12Import allocates the result array itself
    securityError = SecPKCS12Import((CFDataRef)inPKCS12Data, optionsDictionary, &items); // use (__bridge CFDataRef) under ARC
    CFRelease(optionsDictionary);
    if (securityError == errSecSuccess && items != NULL && CFArrayGetCount(items) > 0) {
        // Each element describes one imported identity; the demo uses the first one.
        CFDictionaryRef myIdentityAndTrust = CFArrayGetValueAtIndex(items, 0);
        // The values are owned by `items`, so retain them before the array is released.
        *outIdentity = (SecIdentityRef)CFRetain(CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemIdentity));
        *outTrust = (SecTrustRef)CFRetain(CFDictionaryGetValue(myIdentityAndTrust, kSecImportItemTrust));
        CFRelease(items);
    } else {
        NSLog(@"Failed with error code %d", (int)securityError);
        if (items) CFRelease(items);
        return NO;
    }
    return YES;
}


4. RSA: encrypt on the server, decrypt on the client
Export the public key from the private key and the CSR

// The bracketed expressions on these lines were lost in extraction. The NSBundle, NSString and NSData calls are restored; the calls into the demo's own `Security` helper class (see the linked page) are left as comments because their exact form cannot be recovered here.
NSString *pkcsPath = [[NSBundle mainBundle] pathForResource:@"root" ofType:@"p12"];
// The following is equivalent to the line above
//NSString *pkcsPath = [[NSBundle mainBundle] pathForResource:@"pkcs-daniate" ofType:@"pfx"];
NSString *certPath = [[NSBundle mainBundle] pathForResource:@"server_public_key" ofType:@"der"];
Security *security = [[Security alloc] init]; // the demo's helper class; initialiser assumed
OSStatus status = -1;
// status = [security ...];   // load the identity (private key) from pkcsPath; call lost in extraction
NSLog(@"status = %ld", (long)status);
// Obtain the public key
// status = [security ...];   // load the public key from certPath; call lost in extraction
NSLog(@"status = %ld", (long)status);
// Apple's documentation only describes encrypting short data, but it also mentions chunked encryption of long data
// Short data
NSString *plainText = @"This is plain text~中华人民共和国~";
NSData *plainData = [plainText dataUsingEncoding:NSUTF8StringEncoding];
NSData *encrypted = nil; // = [security ... plainData];  encrypt with the public key; call lost in extraction
NSData *decrypted = nil; // = [security ... encrypted];  decrypt with the private key; call lost in extraction
//NSString *encryptedText = [[NSString alloc] initWithData:encrypted encoding:NSUTF8StringEncoding];
NSString *decryptedText = [[NSString alloc] initWithData:decrypted encoding:NSUTF8StringEncoding];
//NSLog(@"plainData: %p", plainData);
//NSLog(@"encrypted: %p", encrypted);
//NSLog(@"decrypted: %p", decrypted);
NSLog(@"encrypted: %@", encrypted);
NSLog(@"decrypted text: %@", decryptedText);

The p12 file holds the private key and the der file holds the public key; extract each and use them to encrypt and decrypt, which serves as the verification.
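The openssl commands behind this section and the client-certificate section above, as an added example that is not code from the post or from verydemo: it builds a self-signed CA, a client.p12 protected with the post's passphrase 1234 (what SecPKCS12Import is given), and the server public key exported both from the private key and from the CSR, then checks the pair with an RSA round trip on the post's sample text. It assumes `openssl` 1.1.1 or 3.x is on PATH; every subject and file name is constructed for the demo.

```shell
# Added example (not from the original post). Assumes `openssl` 1.1.1 or 3.x.
# Subject names, file names and the "1234" passphrase are constructed for the demo.
set -e

WORK="${WORK:-$(mktemp -d)}"

# A self-signed root CA, plus one server and one client certificate it signs.
# Subshell body so the caller's working directory is untouched.
make_pki() (
  cd "$WORK"
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Demo Root CA" \
    -keyout ca.key -out ca.crt 2>/dev/null
  for n in server client; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$n.key" -out "$n.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$n.csr" -CA ca.crt -CAkey ca.key \
      -CAcreateserial -out "$n.crt" 2>/dev/null
  done
  # client.p12: client private key + chain, protected with the passphrase the
  # post passes as kSecImportExportPassphrase. (OpenSSL 3 writes AES/PBKDF2
  # bundles; add -legacy if an old Security framework rejects them.)
  openssl pkcs12 -export -inkey client.key -in client.crt -certfile ca.crt \
    -passout pass:1234 -out client.p12
  # The server public key, exported from the CSR and from the private key:
  # both routes yield the same SubjectPublicKeyInfo PEM.
  openssl req -in server.csr -pubkey -noout > pub_from_csr.pem
  openssl rsa -in server.key -pubout -out server_public_key.pem 2>/dev/null
  # What the iOS side loads as server_public_key.der is the certificate in
  # DER form (SecCertificateCreateWithData takes a certificate, not a bare key).
  openssl x509 -in server.crt -outform DER -out server_public_key.der
)

# Encrypt with the exported public key, decrypt with the private key; the
# sample text is the post's. Exit status is non-zero if the two differ.
rsa_roundtrip() (
  cd "$WORK"
  printf 'This is plain text~中华人民共和国~' > msg.txt
  openssl pkeyutl -encrypt -pubin -inkey server_public_key.pem -in msg.txt -out msg.enc
  openssl pkeyutl -decrypt -inkey server.key -in msg.enc -out msg.dec
  cmp -s msg.txt msg.dec
)

# The bundle must open with exactly the passphrase SecPKCS12Import is given.
p12_opens_with() (
  openssl pkcs12 -in "$WORK/client.p12" -passin "pass:$1" -noout 2>/dev/null
)
```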

Full page: http://www.verydemo.com/demo_c134_i6417.html