0
我正在用RSASHA-256對JWT進行簽名,並試圖在iOS SDK上對其進行驗證。iOS上的SecKeyRawVerify收到假錯誤
發送完整數據時,驗證通過。
但是,當篡改收到的數據時,我仍然收到誤報。
添加代碼在這裏:
//
// NSData+VerifySignature.m
// InsertFramework
//
// Created by yaniv1 on 1/13/16.
// Copyright © 2016 Insert. All rights reserved.
//
#import "NSData+VerifySignature.h"
#import "IIOStringEncoder.h"
#import "IIOLog.h"
#import "IIORSA.h"
@implementation NSData (VerifySignature)
-(NSArray *)createComponents{
NSString *data =[[NSString alloc] initWithData:self encoding:NSUTF8StringEncoding];
NSArray *components = [data componentsSeparatedByString:@"."];
if (!components || [components count] != 3) {
IIOErrorLog(@"Invalid JWT received for verification");
return nil;
}
return components;
}
-(NSData *)verifySignature:(NSHTTPURLResponse *)urlResponse {
//Getting response header content-type and checking if it is jwt
NSString *contentType = [[[urlResponse allHeaderFields][@"Content-Type"] componentsSeparatedByString:@";"] objectAtIndex:0];
if (![contentType isEqualToString:@"insert/jwt"])
{
return nil;
}
NSArray *signatureComponents = [self createComponents];
if (!signatureComponents) {
return nil;
}
//JWT is seperated into his 3 components
NSString *header = signatureComponents[0];
NSString *payload = signatureComponents[1];
NSString *signature = signatureComponents[2];
//Turining signature received in base64 to base64UrlEncoded
NSData *base64UrlEncodedSig = [IIOStringEncoder dataWithBase64UrlEncodedString:signature];
SecKeyRef pKey = [IIORSA addPublicKey];
if (!pKey) {
IIOErrorLog(@"Failed to create public key, which results in verification failure");
return nil;
}
//Creating the data to verify the signature, meaning the header.payload
NSString *headerAndPayload = [[header stringByAppendingString:@"."] stringByAppendingString:payload];
NSData *dataHeaderAndPayload = [headerAndPayload dataUsingEncoding:NSUTF8StringEncoding];
//Verify the signature. For further details, go to
BOOL status = SecKeyRawVerify (pKey,
kSecPaddingPKCS1SHA1,
(const uint8_t *)[dataHeaderAndPayload bytes],
(size_t)[dataHeaderAndPayload length],
(const uint8_t *)[base64UrlEncodedSig bytes],
(size_t)[base64UrlEncodedSig length]
);
if (!status) {
IIOErrorLog(@"Failed to verify signature");
return nil;
}
NSData *payloadDecodedData = [[NSData alloc] initWithBase64EncodedString:payload options:0];
return payloadDecodedData;
}
@end
可有人請指教?
有人比我快:) – SmokeDispenser