I have ssl certificate (.cer) which was provided to me as file.
I added it to bundle and want to use it communicating with server.
I used apple provided code:
- (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{
DLog(@"didReceiveAuthenticationChallenge : %@",challenge);
if ([challenge.protectionSpace.authenticationMethod
isEqualToString:NSURLAuthenticationMethodServerTrust])
{
NSString *filePath = [[NSBundle mainBundle] pathForResource:@"certificate" ofType:@"cer"];
NSData *certData = [NSData dataWithContentsOfFile:filePath];
CFDataRef myCertData = (__bridge CFDataRef)certData;
SecCertificateRef myCert = SecCertificateCreateWithData(NULL,
myCertData);
SecPolicyRef myPolicy = SecPolicyCreateBasicX509(); // 3
SecCertificateRef certArray[1] = { myCert };
CFArrayRef myCerts = CFArrayCreate(NULL,
(void *)certArray,
1,
NULL);
SecTrustRef myTrust;
OSStatus status = SecTrustCreateWithCertificates(
myCerts,
myPolicy,
&myTrust); // 4
SecTrustResultType trustResult = 0;
if (status == noErr) {
status = SecTrustEvaluate(myTrust, &trustResult); // 5
}
// If the trust result is kSecTrustResultInvalid, kSecTrustResultDeny, kSecTrustResultFatalTrustFailure, you cannot proceed and should fail gracefully.
BOOL proceed = NO;
switch (trustResult) {
case kSecTrustResultProceed: // 1
DLog(@"Proceed");
proceed = YES;
break;
case kSecTrustResultConfirm: // 2
DLog(@"Confirm");
proceed = YES;
break;
case kSecTrustResultUnspecified: // 4
DLog(@"Unspecified");
break;
case kSecTrustResultRecoverableTrustFailure: // 5
DLog(@"TrustFailure");
proceed = [self recoverFromTrustFailure:myTrust];
break;
case kSecTrustResultDeny: // 3
DLog(@"Deny");
break;
case kSecTrustResultFatalTrustFailure: // 6
DLog(@"FatalTrustFailure");
break;
case kSecTrustResultOtherError: // 7
DLog(@"OtherError");
break;
case kSecTrustResultInvalid: // 0
DLog(@"Invalid");
break;
default:
DLog(@"Default");
break;
}
if (myPolicy)
CFRelease(myPolicy);
if (proceed) {
[challenge.sender useCredential:[NSURLCredential credentialForTrust: challenge.protectionSpace.serverTrust] forAuthenticationChallenge: challenge];
}else{
[[challenge sender] cancelAuthenticationChallenge:challenge];
}
}
}
- (BOOL) recoverFromTrustFailure:(SecTrustRef) myTrust
{
SecTrustResultType trustResult;
OSStatus status = SecTrustEvaluate(myTrust, &trustResult); // 1
//Get time used to verify trust
CFAbsoluteTime trustTime,currentTime,timeIncrement,newTime;
CFDateRef newDate;
if (trustResult == kSecTrustResultRecoverableTrustFailure) {// 2
trustTime = SecTrustGetVerifyTime(myTrust); // 3
timeIncrement = 31536000; // 4
currentTime = CFAbsoluteTimeGetCurrent(); // 5
newTime = currentTime - timeIncrement; // 6
if (trustTime - newTime){ // 7
newDate = CFDateCreate(NULL, newTime); // 8
SecTrustSetVerifyDate(myTrust, newDate); // 9
status = SecTrustEvaluate(myTrust, &trustResult); // 10
}
}
if (trustResult != kSecTrustResultProceed) {
DLog(@"Failed with status : %li",trustResult); // 11
return NO;
}else{
DLog(@"Procced");
return YES;
}
}
However i am getting kSecTrustResultRecoverableTrustFailure . Also used apple sample in this situation but it didn't helped.
Maybe some one could help me on this ?
Thank you.
See Question&Answers more detail:
os 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…