我有一個證書(SecCertificateRef),我可以檢查它是否有效,並且我可以使用SecCertificateCopySubjectSummary提取「摘要」。SecCertificateRef:如何獲取證書信息?
究竟是什麼「總結」?我不理解術語「包含證書內容的可讀摘要的字符串」。在Apple文檔中。我認爲,他們是指證書中的「CN」,對嗎?
是否有任何方法從SecCertificateRef中獲取清晰的X509信息?轉換爲鑰匙串對象的幫助?
我想要這樣的東西,我特別關注「CN」,將它與我提交的URL進行比較以避免中間人攻擊。 (或任何更好的想法?)
這是我想擁有的一切:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=XY, ST=Austria, L=Graz, O=TrustMe Ltd, OU=Certificate Authority, CN=CA/[email protected]
Validity
Not Before: Oct 29 17:39:10 2000 GMT
Not After : Oct 29 17:39:10 2001 GMT
Subject: C=DE, ST=Austria, L=Vienna, O=Home, OU=Web Lab, CN=anywhere.com/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c4:40:4c:6e:14:1b:61:36:84:24:b2:61:c0:b5:
d7:e4:7a:a5:4b:94:ef:d9:5e:43:7f:c1:64:80:fd:
9f:50:41:6b:70:73:80:48:90:f3:58:bf:f0:4c:b9:
90:32:81:59:18:16:3f:19:f4:5f:11:68:36:85:f6:
1c:a9:af:fa:a9:a8:7b:44:85:79:b5:f1:20:d3:25:
7d:1c:de:68:15:0c:b6:bc:59:46:0a:d8:99:4e:07:
50:0a:5d:83:61:d4:db:c9:7d:c3:2e:eb:0a:8f:62:
8f:7e:00:e1:37:67:3f:36:d5:04:38:44:44:77:e9:
f0:b4:95:f5:f9:34:9f:f8:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Alternative Name:
email:[email protected]
Netscape Comment:
mod_ssl generated test server certificate
Netscape Cert Type:
SSL Server
Signature Algorithm: md5WithRSAEncryption
12:ed:f7:b3:5e:a0:93:3f:a0:1d:60:cb:47:19:7d:15:59:9b:
3b:2c:a8:a3:6a:03:43:d0:85:d3:86:86:2f:e3:aa:79:39:e7:
82:20:ed:f4:11:85:a3:41:5e:5c:8d:36:a2:71:b6:6a:08:f9:
cc:1e:da:c4:78:05:75:8f:9b:10:f0:15:f0:9e:67:a0:4e:a1:
4d:3f:16:4c:9b:19:56:6a:f2:af:89:54:52:4a:06:34:42:0d:
d5:40:25:6b:b0:c0:a2:03:18:cd:d1:07:20:b6:e5:c5:1e:21:
44:e7:c5:09:d2:d5:94:9d:6c:13:07:2f:3b:7c:4c:64:90:bf:
ff:8e
你能否澄清一下你是如何得到創建X509對象所需的NSData的?什麼是「證書」? NSData * certificateData =(NSData *)SecCertificateCopyData(certificate); – Maggie 2012-02-20 15:33:27
哦,你可以從挑戰中得到如下結果: NSURLAuthenticationChallenge *挑戰; SecTrustResultType trustResult; SecTrustRef trust = challenge.protectionSpace.serverTrust; OSStatus err = SecTrustEvaluate(trust,&trustResult); SecCertiicateRef certificate = SecGetLeafCertificate(trust); //請參閱Apple文檔以獲取SecGetLeafCertificate的實現 – 2012-02-29 14:42:43
呃,這很醜陋。讓我把它放在原來的答案。 – 2012-02-29 14:44:49