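Unfortunately, on iOS the Security framework does not give you quite the same level of access to serial numbers, DNs and altNames as it does on OS X.
However, you can get at the DER certificate in raw form (SecIdentityCopyCertificate()) and use a few crude functions such as SecCertificateCopySubjectSummary() to extract the bare minimum.
If you want the serial number, DN and (alt) subjects, then on today's iOS you have to parse the DER. A fairly easy way to do that is to use OpenSSL.
I found http://atastypixel.com/blog/easy-inclusion-of-openssl-into-iphone-app-projects/ easy to install/use.
Once you have that, you can examine the DER: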
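    CFDataRef der = SecCertificateCopyData(cert);
    const unsigned char *ptr = CFDataGetBytePtr(der);
    long len = (long)CFDataGetLength(der);
    // d2i_X509() advances ptr and returns NULL when the DER does not parse;
    // check x509 before use and X509_free() it when done
    X509 *x509 = d2i_X509(NULL, &ptr, len);
    // -sha1 is not a Foundation method; this assumes an NSData category
    _sha1 = [(__bridge NSData *)der sha1];
    CFRelease(der);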
Then you are off to the races, with things like:
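    // The name pointers are owned by x509; do not free them
    X509_NAME *names_s = X509_get_subject_name(x509);
    X509_NAME *names_i = X509_get_issuer_name(x509);
    // NULL when there is no subjectAltName; release with GENERAL_NAMES_free()
    GENERAL_NAMES *subjects = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
    ASN1_INTEGER *serial = X509_get_serialNumber(x509);
    // Returns -1 when the serial does not fit in a long (serials can be up to
    // 20 bytes); use ASN1_INTEGER_to_BN() when the full value is needed
    long s = ASN1_INTEGER_get(serial);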
Translating everything as needed is a bit of a pain:
    + (NSArray *)names:(GENERAL_NAMES *)sANs {
        // X509_get_ext_d2i() returns NULL when the certificate has no subjectAltName
        if (sANs == NULL) return @[];
        int i, numAN = sk_GENERAL_NAME_num(sANs);
        NSMutableArray *out = [NSMutableArray arrayWithCapacity:numAN];
        for (i = 0; i < numAN; ++i) {
            GENERAL_NAME *sAN = sk_GENERAL_NAME_value(sANs, i);
            if (sAN->type == GEN_DNS) {
                unsigned char *dns = NULL;
                // Allocates dns and returns its length in bytes, or a negative value on error
                int len = ASN1_STRING_to_UTF8(&dns, sAN->d.dNSName);
                if (len > 0) {
                    [out addObject:[[NSString alloc] initWithData:[NSData dataWithBytes:dns length:len] encoding:NSUTF8StringEncoding]];
                    OPENSSL_free(dns);
                }
            }
            // ... more types as needed ...
        }
        return out;
    }
Thanks,
DW.
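
An added example, not part of the original answer and not using OpenSSL: a bounds-checked walk of the DER bytes that SecCertificateCopyData() returns, pulling out the full serial number as hex. The function names and the sample bytes are constructed for illustration; the sample holds only the first fields of a certificate, with a 16-byte serial that would not fit in a long.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Read one DER header at *p. Returns the tag, stores the content length in *len and
   leaves *p on the first content byte; -1 on truncation or a length running past end. */
static int der_header(const unsigned char **p, const unsigned char *end, size_t *len) {
    if (end - *p < 2) return -1;
    int tag = *(*p)++;
    size_t n = *(*p)++;
    if (n & 0x80) {                      /* long form: low 7 bits count the length bytes */
        size_t count = n & 0x7f;
        if (count == 0 || count > sizeof n || (size_t)(end - *p) < count) return -1;
        for (n = 0; count > 0; count--) n = (n << 8) | *(*p)++;
    }
    if (n > (size_t)(end - *p)) return -1;
    *len = n;
    return tag;
}

/* Write the certificate serialNumber into out as uppercase hex. Returns the serial
   length in bytes, or -1 if the DER is malformed or out is too small. */
int cert_serial_hex(const unsigned char *der, size_t der_len, char *out, size_t out_len) {
    const unsigned char *p = der, *end = der + der_len;
    size_t len = 0;
    if (der_header(&p, end, &len) != 0x30) return -1;   /* Certificate SEQUENCE */
    end = p + len;
    if (der_header(&p, end, &len) != 0x30) return -1;   /* tbsCertificate SEQUENCE */
    end = p + len;
    int tag = der_header(&p, end, &len);
    if (tag == 0xA0) {                                  /* optional [0] version: skip it */
        p += len;
        tag = der_header(&p, end, &len);
    }
    if (tag != 0x02 || len == 0 || out_len < 2 * len + 1) return -1;  /* INTEGER */
    for (size_t i = 0; i < len; i++) sprintf(out + 2 * i, "%02X", p[i]);
    return (int)len;
}

/* Constructed sample: SEQUENCE { SEQUENCE { [0] { INTEGER 2 }, INTEGER (16 bytes) } } */
static const unsigned char SAMPLE[] = {
    0x30, 0x19, 0x30, 0x17, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10,
    0x4A, 0x1B, 0x2C, 0x3D, 0x4E, 0x5F, 0x60, 0x71,
    0x82, 0x93, 0xA4, 0xB5, 0xC6, 0xD7, 0xE8, 0xF9 };

int main(void) {
    char hex[64];
    int n = cert_serial_hex(SAMPLE, sizeof SAMPLE, hex, sizeof hex);
    if (n > 0) printf("serial %s (%d bytes; a long holds %zu)\n", hex, n, sizeof(long));
    return n > 0 ? 0 : 1;
}
```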