Gen*_*nar 4 security iphone objective-c ios
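When a user connects with a web browser (Safari, Chrome, ...) to an "https URL", for example "https://encrypted.google.com", the user can obtain information about the certificate associated with that "https URL"; that is, when connecting to the URL "https://encrypted.google.com", the following certificate information can be verified:
So the question is: "What are the right Objective-C function calls to obtain the above information (or at least to know whether the certificate is valid)?"
Thanks in advance,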
The certificate information can be obtained using the NSURLConnection delegate methods:
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge
That is:
- (BOOL)connection:(NSURLConnection *)connection canAuthenticateAgainstProtectionSpace:(NSURLProtectionSpace *)protectionSpace {
    // Only server-trust (TLS certificate) challenges are handled by this delegate.
    BOOL result = [protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
    NSLog(@"<%p %@: %s line:%d> Result:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (result == YES) ? "YES" : "NO");
    return result;
}

- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge {
    NSArray *trustedHosts = [NSArray arrayWithObject:@"encrypted.google.com"];
    BOOL isAuthMethodServerTrust = [challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust];
    NSLog(@"<%p %@: %s line:%d> Result:%s", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (isAuthMethodServerTrust == YES) ? "YES" : "NO");
    if (isAuthMethodServerTrust)
    {
        if ([trustedHosts containsObject:challenge.protectionSpace.host])
        {
            NSLog(@"<%p %@: %s line:%d> trustedHosts containsObject:challenge.protectionSpace.host", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__);
            // Accepts the server trust for hosts in trustedHosts; the chain itself is not evaluated here.
            NSURLCredential* urlCredential = [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust];
            NSLog(@"<%p %@: %s line:%d> Url credential", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__);
            [challenge.sender useCredential:urlCredential forAuthenticationChallenge:challenge];
            //Code to verify certificate info
            SecTrustRef trustRef = [[challenge protectionSpace] serverTrust];
            CFIndex count = SecTrustGetCertificateCount(trustRef);
            // Walk the chain the server presented (index 0 is the leaf certificate).
            for (CFIndex i = 0; i < count; i++)
            {
                SecCertificateRef certRef = SecTrustGetCertificateAtIndex(trustRef, i);
                CFStringRef certSummary = SecCertificateCopySubjectSummary(certRef);
                CFDataRef certData = SecCertificateCopyData(certRef); // DER-encoded X.509 bytes
                NSLog(@"<%p %@: %s line:%d> Certificate summary:%@", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (NSString*) certSummary);
                NSLog(@"<%p %@: %s line:%d> Certificate data:%@", self, [[NSString stringWithUTF8String:__FILE__] lastPathComponent], __PRETTY_FUNCTION__, __LINE__, (NSData*) certData);
                // Both objects come from Copy functions, so both must be released.
                if (certSummary) CFRelease(certSummary);
                if (certData) CFRelease(certData);
            }
        }
    }
}
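This code gives you the following information related to "https://encrypted.google.com": in the "certSummary" NSString, the issuer of the certificate; in "certData", the certificate's data. The problem is that, at the moment, I don't know how to extract information (expiry date, public key, ...) from such data, so any help would be welcome.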
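The answer stops at the raw "certData" bytes. As an added example (not part of the original answer), here is a plain C routine, callable from Objective-C, that walks the DER-encoded X.509 structure returned by SecCertificateCopyData and copies out the notBefore/notAfter validity dates. The names der_tlv, cert_validity and SAMPLE_DER are hypothetical, and the sample bytes are a constructed DER skeleton, not a real certificate.

```c
#include <stddef.h>
#include <string.h>

typedef unsigned char u8;

/* Parse one DER tag-length-value header; returns the value pointer or NULL. */
static const u8 *der_tlv(const u8 *p, const u8 *end, u8 *tag, size_t *len) {
    if (end - p < 2) return NULL;
    *tag = *p++;
    size_t n = *p++;
    if (n & 0x80) {                      /* long form: low 7 bits = count of length bytes */
        size_t cnt = n & 0x7f;
        if (cnt == 0 || cnt > 4 || (size_t)(end - p) < cnt) return NULL;
        for (n = 0; cnt--; ) n = (n << 8) | *p++;
    }
    if ((size_t)(end - p) < n) return NULL;   /* value must fit inside the buffer */
    *len = n;
    return p;
}

/* Copy notBefore/notAfter (UTCTime or GeneralizedTime text) out of a DER certificate.
   Returns 0 on success, -1 on malformed or truncated input. */
int cert_validity(const u8 *der, size_t der_len, char *not_before, char *not_after, size_t cap) {
    const u8 *end = der + der_len, *p, *v;
    u8 tag; size_t len; char *out[2] = { not_before, not_after };
    if (!(p = der_tlv(der, end, &tag, &len)) || tag != 0x30) return -1; /* Certificate */
    end = p + len;
    if (!(p = der_tlv(p, end, &tag, &len)) || tag != 0x30) return -1;   /* TBSCertificate */
    end = p + len;
    if (!(v = der_tlv(p, end, &tag, &len))) return -1;
    if (tag == 0xA0) p = v + len;                 /* optional [0] version */
    for (int i = 0; i < 3; i++) {                 /* skip serial, signature alg, issuer */
        if (!(v = der_tlv(p, end, &tag, &len))) return -1;
        p = v + len;
    }
    if (!(p = der_tlv(p, end, &tag, &len)) || tag != 0x30) return -1;   /* Validity */
    end = p + len;
    for (int i = 0; i < 2; i++) {                 /* notBefore, then notAfter */
        if (!(v = der_tlv(p, end, &tag, &len))) return -1;
        if ((tag != 0x17 && tag != 0x18) || len >= cap) return -1;
        memcpy(out[i], v, len); out[i][len] = '\0';
        p = v + len;
    }
    return 0;
}
/* Constructed skeleton: version, serial, two empty placeholder SEQUENCEs, Validity. */
static const u8 SAMPLE_DER[] = {
    0x30,0x2E, 0x30,0x2C, 0xA0,0x03,0x02,0x01,0x02, 0x02,0x01,0x01, 0x30,0x00, 0x30,0x00,
    0x30,0x1E, 0x17,0x0D,'2','4','0','1','0','1','0','0','0','0','0','0','Z',
               0x17,0x0D,'2','5','0','1','0','1','0','0','0','0','0','0','Z' };
```

In the delegate above, pass CFDataGetBytePtr(certData) and CFDataGetLength(certData) as der and der_len. The dates describe the certificate only and are no substitute for evaluating the trust object.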